Apache : Security Vulnerabilities, CVEs, Published In March 2001
The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
Max CVSS
5.0
EPSS Score
94.79%
Published
2001-03-12
Updated
2021-07-06
htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
Max CVSS
3.3
EPSS Score
0.04%
Published
2001-03-12
Updated
2020-10-09
2 vulnerabilities found