Summary
A security vulnerability in Apache 2.0.39 on Windows systems allows attackers to access files that would otherwise be inaccessible using a directory traversal attack.
A cracker may use this to read sensitive files or even execute any command on your system.
Solutions:
- Upgrade to Apache 2.0.40
- or install it on a Unix machine
- or add in your httpd.conf, before the first
'Alias' or 'Redirect' directive:
RedirectMatch 400 \\\.\.
Severity
Classification
-
CVE CVE-2002-0661 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Apache 2.0.39 Win32 directory traversal
- Monkey HTTP Daemon Invalid HTTP 'Connection' Header Denial Of Service Vulnerability
- CoreHTTP 'src/http.c ' Buffer Overflow Vulnerability
- httpdx 'USER' Command Remote Format String Vulnerability
- IBM WebSphere Application Server (WAS) Multiple Vulnerabilities - March 2011