Description

PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.

Remediation

References

CVE-2001-0042

Related Vulnerabilities

Sqlite Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2008-6590)

WordPress Plugin WP OAuth Server (OAuth Authentication) Security Bypass (3.1.4)

WordPress Plugin PowerPress Podcasting by Blubrry Cross-Site Scripting (10.0.1)

WordPress Plugin Broadcast Live Video-Live Streaming:HTML5, WebRTC, HLS, RTSP, RTMP Cross-Site Scripting (4.27.2)

Drupal CVE-2017-6930 Vulnerability (CVE-2017-6930)

Severity

Medium

Classification

CVE-2001-0042

Tags

Missing Update Known Vulnerabilities