Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-4110: Apache Http Server vulnerability

5 documents, 5 sources
Severity: 4.3 MEDIUM (NVD)
EPSS: 17.3% (top 4.94%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline
Published: Aug 14
Latest update: May 1

Description

Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.

CVSS vector

AV:N/AC:M/C:P/I:N/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages (1 package)

NVD: apache/http_server 2.0.58, 2.2.2, 2.2.3 +2

🔴 Vulnerability Details (2)

GHSA: GHSA-vwm3-25gw-8xf3: Apache 2 (2022-05-01)
CVEList: CVE-2006-4110: Apache 2 (2006-08-14)

💥 Exploits & PoCs (1)

Exploit-DB: Apache 2.2.2 - CGI Script Source Code Information Disclosure (2006-08-09)

📋 Vendor Advisories (1)

Debian: CVE-2006-4110: apache2 - Apache 2.2.2, when running on Windows, allows remote attackers to read source co... (2006)