ID CVE-2002-0661
Summary Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
References
Vulnerable Configurations
  • Apache Software Foundation Apache HTTP Server 2.0
    cpe:2.3:a:apache:http_server:2.0
  • Apache Software Foundation Apache HTTP Server 2.0.28
    cpe:2.3:a:apache:http_server:2.0.28
  • Apache Software Foundation Apache HTTP Server 2.0.28 Beta
    cpe:2.3:a:apache:http_server:2.0.28:beta
  • cpe:2.3:a:apache:http_server:2.0.28:beta:win32
    cpe:2.3:a:apache:http_server:2.0.28:beta:win32
  • Apache Software Foundation Apache HTTP Server 2.0.32
    cpe:2.3:a:apache:http_server:2.0.32
  • cpe:2.3:a:apache:http_server:2.0.32:beta:win32
    cpe:2.3:a:apache:http_server:2.0.32:beta:win32
  • cpe:2.3:a:apache:http_server:2.0.34:beta:win32
    cpe:2.3:a:apache:http_server:2.0.34:beta:win32
  • Apache Software Foundation Apache HTTP Server 2.0.35
    cpe:2.3:a:apache:http_server:2.0.35
  • Apache Software Foundation Apache HTTP Server 2.0.36
    cpe:2.3:a:apache:http_server:2.0.36
  • Apache Software Foundation Apache HTTP Server 2.0.37
    cpe:2.3:a:apache:http_server:2.0.37
  • Apache Software Foundation Apache HTTP Server 2.0.38
    cpe:2.3:a:apache:http_server:2.0.38
  • Apache Software Foundation Apache HTTP Server 2.0.39
    cpe:2.3:a:apache:http_server:2.0.39
CVSS
Base: 7.5 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
exploit-db via4
description Apache 2.0 Encoded Backslash Directory Traversal Vulnerability. CVE-2002-0661. Remote exploit for windows platform
id EDB-ID:21697
last seen 2016-02-02
modified 2002-08-09
published 2002-08-09
reporter Auriemma Luigi
source https://www.exploit-db.com/download/21697/
title Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
nessus via4
NASL family Web Servers
NASL id APACHE_WIN32_DIR_TRAV.NASL
description A security vulnerability in Apache 2.0.39 on Windows systems allows attackers to access files that would otherwise be inaccessible using a directory traversal attack. An attacker could use this to read sensitive files or potentially execute any command on your system.
last seen 2019-02-21
modified 2018-06-29
plugin id 11092
published 2002-08-18
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=11092
title Apache <= 2.0.39 Win32 Crafted Traversal Arbitrary File Access
refmap via4
bid 5434
bugtraq
  • 20020809 Apache 2.0 vulnerability affects non-Unix platforms
  • 20020816 Apache 2.0.39 directory traversal and path disclosure bug
confirm http://httpd.apache.org/info/security_bulletin_20020908a.txt
xf apache-access-data(9808)
statements via4
contributor Mark J Cox
lastmodified 2008-07-02
organization Apache
statement Fixed in Apache HTTP Server 2.0.40: http://httpd.apache.org/security/vulnerabilities_20.html
Last major update 17-10-2016 - 22:21
Published 12-08-2002 - 00:00
Back to Top