Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-hgay-a8e4-dbht
Vulnerability ID VCID-hgay-a8e4-dbht
Aliases CVE-2001-0925
Summary The default installation can lead mod_negotiation and mod_dir or mod_autoindex to display a directory listing instead of the multiview index.html file if a very long path was created artificially by using many slashes.
Status Published
Exploitability 2.0
Weighted Severity 6.2
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
System Score Found at
epss 0.89498 https://api.first.org/data/v1/epss?cve=CVE-2001-0925
epss 0.89498 https://api.first.org/data/v1/epss?cve=CVE-2001-0925
epss 0.89498 https://api.first.org/data/v1/epss?cve=CVE-2001-0925
epss 0.89498 https://api.first.org/data/v1/epss?cve=CVE-2001-0925
apache_httpd important https://httpd.apache.org/security/json/CVE-2001-0925.json
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2001-0925
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2001-0925
https://exchange.xforce.ibmcloud.com/vulnerabilities/6921
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
http://www.apacheweek.com/features/security-13
http://www.debian.org/security/2001/dsa-067
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-077.php3
http://www.linuxsecurity.com/advisories/other_advisory-1452.html
http://www.securityfocus.com/archive/1/168497
http://www.securityfocus.com/archive/1/178066
http://www.securityfocus.com/archive/1/193081
http://www.securityfocus.com/bid/2503
http://www.securityfocus.com/cgi-bin/archive.pl?id=1&start=2002-01-27&end=2002-02-02&mid=199857&threads=1
cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:2.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:2.2:*:*:*:*:*:*:*
CVE-2001-0925 https://httpd.apache.org/security/json/CVE-2001-0925.json
CVE-2001-0925 https://nvd.nist.gov/vuln/detail/CVE-2001-0925
CVE-2001-0925;OSVDB-9699 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/20692.pl
CVE-2001-0925;OSVDB-9699 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/20693.c
CVE-2001-0925;OSVDB-9699 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/20694.pl
CVE-2001-0925;OSVDB-9699 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/20695.pl
CVE-2001-0925;OSVDB-9699 Exploit https://www.securityfocus.com/bid/2503/info
Data source Exploit-DB
Date added June 13, 2001
Description Apache 1.3 - Artificially Long Slash Path Directory Listing (4)
Ransomware campaign use Known
Source publication date June 13, 2001
Exploit type remote
Platform multiple
Source update date Aug. 20, 2012
Source URL https://www.securityfocus.com/bid/2503/info
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2001-0925
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.99549
EPSS Score 0.89498
Published At April 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:36:11.464189+00:00 Apache HTTPD Importer Import https://httpd.apache.org/security/json/CVE-2001-0925.json 38.0.0