6.8 Medium
AI Score
Confidence
Low
4.3 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.01 Low
EPSS
Percentile
83.6%
Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
secunia.com/advisories/21490
securityreason.com/securityalert/1370
www.osvdb.org/27913
www.securityfocus.com/archive/1/442882/100/0/threaded
www.securityfocus.com/archive/1/443487/100/200/threaded
www.securityfocus.com/bid/19447
www.vupen.com/english/advisories/2006/3265
exchange.xforce.ibmcloud.com/vulnerabilities/28357