Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

0

CVE-2001-0925

Disclosure Date: March 12, 2001 •

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

apache,
debian

Products

debian linux 2.2,
http server 1.3.11,
http server 1.3.12,
http server 1.3.14,
http server 1.3.17

References

Canonical

CVE-2001-0925 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0925)

BID-2503 (http://www.securityfocus.com/bid/2503)

Advisory

20010624 Fw: Bugtraq ID 2503 : Apache Artificially Long Slash Path Directory Listing Exploit (http://www.securityfocus.com/archive/1/193081)

http://www.apacheweek.com/features/security-13

20010419 OpenBSD 2.8patched Apache vuln! (http://www.securityfocus.com/archive/1/178066)

20010726 Apache Artificially Long Slash Path Directory Listing Vulnerabili ty -- FILE READ ACCESS (http://www.securityfocus.com/cgi-bin/archive.pl?id=1&start=2002-01-27&end=2002-02-02&mid=199857&threads=1)

XF-apache-slash-directory-listing(6921) (https://exchange.xforce.ibmcloud.com/vulnerabilities/6921)

20010312 FORW: [ANNOUNCE] Apache 1.3.19 Released (http://www.securityfocus.com/archive/1/168497)

DSA-067 (http://www.debian.org/security/2001/dsa-067)

[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ (https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E)

[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html (https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E)

[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ (https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E)

[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html (https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E)

Miscellaneous

ESA-20010620-02 (http://www.linuxsecurity.com/advisories/other_advisory-1452.html)

http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-077.php3

Rapid7

Technical Analysis