Search for vulnerabilities
Vulnerability details: VCID-mw4t-1uf1-aaae
Vulnerability ID VCID-mw4t-1uf1-aaae
Aliases CVE-2001-0925
Summary The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
Status Published
Exploitability 2.0
Weighted Severity 6.2
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
System Score Found at
epss 0.34483 https://api.first.org/data/v1/epss?cve=CVE-2001-0925
epss 0.34483 https://api.first.org/data/v1/epss?cve=CVE-2001-0925
epss 0.34483 https://api.first.org/data/v1/epss?cve=CVE-2001-0925
epss 0.34483 https://api.first.org/data/v1/epss?cve=CVE-2001-0925
epss 0.85316 https://api.first.org/data/v1/epss?cve=CVE-2001-0925
epss 0.85462 https://api.first.org/data/v1/epss?cve=CVE-2001-0925
epss 0.85462 https://api.first.org/data/v1/epss?cve=CVE-2001-0925
epss 0.85462 https://api.first.org/data/v1/epss?cve=CVE-2001-0925
epss 0.85462 https://api.first.org/data/v1/epss?cve=CVE-2001-0925
epss 0.85462 https://api.first.org/data/v1/epss?cve=CVE-2001-0925
epss 0.85462 https://api.first.org/data/v1/epss?cve=CVE-2001-0925
epss 0.85462 https://api.first.org/data/v1/epss?cve=CVE-2001-0925
epss 0.85462 https://api.first.org/data/v1/epss?cve=CVE-2001-0925
epss 0.85462 https://api.first.org/data/v1/epss?cve=CVE-2001-0925
epss 0.85462 https://api.first.org/data/v1/epss?cve=CVE-2001-0925
epss 0.85462 https://api.first.org/data/v1/epss?cve=CVE-2001-0925
epss 0.85462 https://api.first.org/data/v1/epss?cve=CVE-2001-0925
epss 0.85462 https://api.first.org/data/v1/epss?cve=CVE-2001-0925
epss 0.85462 https://api.first.org/data/v1/epss?cve=CVE-2001-0925
epss 0.85462 https://api.first.org/data/v1/epss?cve=CVE-2001-0925
epss 0.85462 https://api.first.org/data/v1/epss?cve=CVE-2001-0925
epss 0.85462 https://api.first.org/data/v1/epss?cve=CVE-2001-0925
epss 0.85462 https://api.first.org/data/v1/epss?cve=CVE-2001-0925
epss 0.85462 https://api.first.org/data/v1/epss?cve=CVE-2001-0925
epss 0.85462 https://api.first.org/data/v1/epss?cve=CVE-2001-0925
epss 0.85462 https://api.first.org/data/v1/epss?cve=CVE-2001-0925
epss 0.85462 https://api.first.org/data/v1/epss?cve=CVE-2001-0925
epss 0.85462 https://api.first.org/data/v1/epss?cve=CVE-2001-0925
epss 0.85462 https://api.first.org/data/v1/epss?cve=CVE-2001-0925
epss 0.85462 https://api.first.org/data/v1/epss?cve=CVE-2001-0925
epss 0.85462 https://api.first.org/data/v1/epss?cve=CVE-2001-0925
epss 0.85462 https://api.first.org/data/v1/epss?cve=CVE-2001-0925
epss 0.94793 https://api.first.org/data/v1/epss?cve=CVE-2001-0925
epss 0.94793 https://api.first.org/data/v1/epss?cve=CVE-2001-0925
epss 0.94793 https://api.first.org/data/v1/epss?cve=CVE-2001-0925
epss 0.94793 https://api.first.org/data/v1/epss?cve=CVE-2001-0925
epss 0.94793 https://api.first.org/data/v1/epss?cve=CVE-2001-0925
epss 0.94793 https://api.first.org/data/v1/epss?cve=CVE-2001-0925
epss 0.94793 https://api.first.org/data/v1/epss?cve=CVE-2001-0925
epss 0.94793 https://api.first.org/data/v1/epss?cve=CVE-2001-0925
epss 0.94793 https://api.first.org/data/v1/epss?cve=CVE-2001-0925
apache_httpd important https://httpd.apache.org/security/json/CVE-2001-0925.json
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2001-0925
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2001-0925
https://exchange.xforce.ibmcloud.com/vulnerabilities/6921
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
http://www.apacheweek.com/features/security-13
http://www.debian.org/security/2001/dsa-067
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-077.php3
http://www.linuxsecurity.com/advisories/other_advisory-1452.html
http://www.securityfocus.com/archive/1/168497
http://www.securityfocus.com/archive/1/178066
http://www.securityfocus.com/archive/1/193081
http://www.securityfocus.com/bid/2503
http://www.securityfocus.com/cgi-bin/archive.pl?id=1&start=2002-01-27&end=2002-02-02&mid=199857&threads=1
cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:2.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:2.2:*:*:*:*:*:*:*
CVE-2001-0925 https://httpd.apache.org/security/json/CVE-2001-0925.json
CVE-2001-0925 https://nvd.nist.gov/vuln/detail/CVE-2001-0925
CVE-2001-0925;OSVDB-9699 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/20692.pl
CVE-2001-0925;OSVDB-9699 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/20693.c
CVE-2001-0925;OSVDB-9699 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/20694.pl
CVE-2001-0925;OSVDB-9699 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/20695.pl
CVE-2001-0925;OSVDB-9699 Exploit https://www.securityfocus.com/bid/2503/info
Data source Exploit-DB
Date added June 13, 2001
Description Apache 1.3 - Artificially Long Slash Path Directory Listing (4)
Ransomware campaign use Known
Source publication date June 13, 2001
Exploit type remote
Platform multiple
Source update date Aug. 20, 2012
Source URL https://www.securityfocus.com/bid/2503/info
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2001-0925
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.97113
EPSS Score 0.34483
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.