Vulnerability Details : CVE-2003-1138
The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
Products affected by CVE-2003-1138
- cpe:2.3:a:redhat:interchange:2.0.40_21.5:*:i386:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2003-1138
- EPSS score: 3.15% (probability of exploitation activity in the next 30 days)
- Percentile: ~91% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2003-1138
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
Vendor statements for CVE-2003-1138
- Red Hat (2007-03-14): Red Hat Enterprise Linux 5 is not vulnerable to this issue.
References for CVE-2003-1138
- http://www.securityfocus.com/bid/8898 (Vendor Advisory)
- http://www.securityfocus.com/archive/1/342578 (Exploit; Vendor Advisory)