Lucene search

MitreCVE-2004-0173

HistorySep 01, 2004 - 4:00 a.m.

CVE-2004-0173

2004-09-0104:00:00

mitre

web.nvd.nist.gov

apache

directory traversal

remote attackers

cygwin

vulnerability

nvd

cve-2004-0173

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

7.1

Confidence

Low

EPSS

0.004

Percentile

73.6%

JSON

Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing “…%5C” (dot dot encoded backslash) sequences.

Affected configurations

Nvd

Node

apachehttp_serverMatch0.8.11

apachehttp_serverMatch0.8.14

apachehttp_serverMatch1.0

apachehttp_serverMatch1.0.2

apachehttp_serverMatch1.0.3

apachehttp_serverMatch1.0.5

apachehttp_serverMatch1.1

apachehttp_serverMatch1.1.1

apachehttp_serverMatch1.2

apachehttp_serverMatch1.2.5

apachehttp_serverMatch1.3

VendorProductVersionCPE
apachehttp_server0.8.11cpe:2.3:a:apache:http_server:0.8.11:*:*:*:*:*:*:*
apachehttp_server0.8.14cpe:2.3:a:apache:http_server:0.8.14:*:*:*:*:*:*:*
apachehttp_server1.0cpe:2.3:a:apache:http_server:1.0:*:*:*:*:*:*:*
apachehttp_server1.0.2cpe:2.3:a:apache:http_server:1.0.2:*:*:*:*:*:*:*
apachehttp_server1.0.3cpe:2.3:a:apache:http_server:1.0.3:*:*:*:*:*:*:*
apachehttp_server1.0.5cpe:2.3:a:apache:http_server:1.0.5:*:*:*:*:*:*:*
apachehttp_server1.1cpe:2.3:a:apache:http_server:1.1:*:*:*:*:*:*:*
apachehttp_server1.1.1cpe:2.3:a:apache:http_server:1.1.1:*:*:*:*:*:*:*
apachehttp_server1.2cpe:2.3:a:apache:http_server:1.2:*:*:*:*:*:*:*
apachehttp_server1.2.5cpe:2.3:a:apache:http_server:1.2.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apache	http_server	0.8.11	cpe:2.3:a:apache:http_server:0.8.11:::::::*
apache	http_server	0.8.14	cpe:2.3:a:apache:http_server:0.8.14:::::::*
apache	http_server	1.0	cpe:2.3:a:apache:http_server:1.0:::::::*
apache	http_server	1.0.2	cpe:2.3:a:apache:http_server:1.0.2:::::::*
apache	http_server	1.0.3	cpe:2.3:a:apache:http_server:1.0.3:::::::*
apache	http_server	1.0.5	cpe:2.3:a:apache:http_server:1.0.5:::::::*
apache	http_server	1.1	cpe:2.3:a:apache:http_server:1.1:::::::*
apache	http_server	1.1.1	cpe:2.3:a:apache:http_server:1.1.1:::::::*
apache	http_server	1.2	cpe:2.3:a:apache:http_server:1.2:::::::*
apache	http_server	1.2.5	cpe:2.3:a:apache:http_server:1.2.5:::::::*

Rows per page:

1-10 of 111

References

issues.apache.org/bugzilla/show_bug.cgi?id=26152

lists.grok.org.uk/pipermail/full-disclosure/2004-February/017740.html

marc.info/?l=bugtraq&m=107765545431387&w=2

secunia.com/advisories/10962

www.apacheweek.com/issues/04-03-12

www.securityfocus.com/bid/9733

exchange.xforce.ibmcloud.com/vulnerabilities/15293

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

7.1

Confidence

Low

EPSS

0.004

Percentile

73.6%

JSON

Related for CVE-2004-0173