Lucene search

[email protected]CVE-2001-0108

HistorySep 18, 2001 - 4:00 a.m.

CVE-2001-0108

2001-09-1804:00:00

[email protected]

web.nvd.nist.gov

php

apache

.htaccess

remote attack

http request

bypass

cve-2001-0108

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

54.9%

JSON

PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.

Affected configurations

NVD

Node

phpphpMatch4.0

phpphpMatch4.0.1

phpphpMatch4.0.3

phpphpMatch4.0.4

Node

mandrakesoftmandrake_linuxMatch7.2

CPENameOperatorVersion
php:phpphpeq4.0
php:phpphpeq4.0.1
php:phpphpeq4.0.3
php:phpphpeq4.0.4

CPE	Name	Operator	Version
php:php	php	eq	4.0
php:php	php	eq	4.0.1
php:php	php	eq	4.0.3
php:php	php	eq	4.0.4

References

distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000373

marc.info/?l=bugtraq&m=97957961212852

www.debian.org/security/2001/dsa-020

www.linux-mandrake.com/en/security/2001/MDKSA-2001-013.php3

www.redhat.com/support/errata/RHSA-2000-136.html

www.securityfocus.com/bid/2206

exchange.xforce.ibmcloud.com/vulnerabilities/5940

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

54.9%

JSON

Related for CVE-2001-0108

cvelist1 nvd1 nessus2 openvas2