Description

The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.

Remediation

References

CVE-2001-0925

Related Vulnerabilities

WordPress Plugin Google Analytics Dashboard SQL Injection (2.0.4)

WordPress Plugin Ivory Search-WordPress Search Cross-Site Scripting (4.5.10)

IBM RTC Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2017-1753)

Joomla Improper Input Validation Vulnerability (CVE-2011-4911)

WordPress Plugin Nooz Cross-Site Scripting (1.6.0)

Severity

Medium

Classification

CVE-2001-0925 CWE-22

Tags

Missing Update Known Vulnerabilities