ID CVE-2000-0505
Summary The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
References
Vulnerable Configurations
  • cpe:2.3:a:apache:http_server:1.3.6:-:win32
    cpe:2.3:a:apache:http_server:1.3.6:-:win32
  • cpe:2.3:a:apache:http_server:1.3.9:-:win32
    cpe:2.3:a:apache:http_server:1.3.9:-:win32
  • cpe:2.3:a:apache:http_server:1.3.11:-:win32
    cpe:2.3:a:apache:http_server:1.3.11:-:win32
  • cpe:2.3:a:apache:http_server:1.3.12:-:win32
    cpe:2.3:a:apache:http_server:1.3.12:-:win32
  • cpe:2.3:a:ibm:http_server:1.3.3:-:win32
    cpe:2.3:a:ibm:http_server:1.3.3:-:win32
  • cpe:2.3:a:ibm:http_server:1.3.6.2:-:win32
    cpe:2.3:a:ibm:http_server:1.3.6.2:-:win32
CVSS
Base: 5.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
exploit-db via4
description Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability. CVE-2000-0505. Remote exploit for windows platform
id EDB-ID:19975
last seen 2016-02-02
modified 2000-05-31
published 2000-05-31
reporter H D Moore
source https://www.exploit-db.com/download/19975/
title Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
nessus via4
NASL family Web Servers
NASL id APACHE_SLASH.NASL
description Certain versions of Apache for Win32 have a bug wherein remote users can list directory entries. Specifically, by appending multiple /'s to the HTTP GET command, the remote Apache server will list all files and subdirectories within the web root (as defined in httpd.conf).
last seen 2019-02-21
modified 2018-06-29
plugin id 10440
published 2000-06-13
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=10440
title Apache for Windows Multiple Forward Slash Directory Listing
refmap via4
bid 1284
bugtraq 20000603 Re: IBM HTTP SERVER / APACHE
xf ibm-http-file-retrieve(4575)
statements via4
contributor Mark J Cox
lastmodified 2008-07-02
organization Apache
statement Fixed in Apache HTTP Server 1.3.14: http://httpd.apache.org/security/vulnerabilities_13.html
Last major update 10-09-2008 - 15:04
Published 31-05-2000 - 00:00
Last modified 09-10-2017 - 21:29
Back to Top