5
CVSSv2

CVE-2004-0173

CVSSv4: NA | CVSSv3: NA | CVSSv2: 5 | VMScore: 600 | EPSS: 0.0042 | KEV: Not Included
Published: 15/04/2004 Updated: 20/11/2024

Vulnerability Summary

Directory traversal vulnerability in Apache 1.3.29 and previous versions, and Apache 2.0.48 and previous versions, when running on Cygwin, allows remote malicious users to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.

Vulnerable Product Search on Vulmon Subscribe to Product

apache http server 0.8.11

apache http server 0.8.14

apache http server 1.0

apache http server 1.0.2

apache http server 1.0.3

apache http server 1.0.5

apache http server 1.1

apache http server 1.1.1

apache http server 1.2

apache http server 1.2.5

apache http server 1.3

Exploits

source: wwwsecurityfocuscom/bid/9733/info It has been reported that Apache may be prone to a directory traversal vulnerability that may allow a remote attacker to access information outside the server root directory This issue is only reported to present itself in Apache running on cygwin platforms A remote attacker may traverse outside ...