65 matches found
Apache Httpd < 2.2.12 : CRLF injection in mod_negotiation when untrusted uploads are supported
Possible CRLF injection allowing HTTP response splitting attacks for sites which use modnegotiation and allow untrusted uploads to locations which have MultiViews enabled...
CVE-2001-0925
The CVE-2001-0925 entry describes a vulnerability in the default installation of Apache prior to 1.3.19 where a crafted HTTP request containing many slashes can cause directory listings (instead of the multiview index) due to mishandling by mod_negotiation, mod_dir, or mod_autoindex. Affected sof...
Apache 1.3 - Artificially Long Slash Path Directory Listing (3)
source: https://www.securityfocus.com/bid/2503/info Apache HTTPD is the Apache Web Server, freely distributed and actively maintained by the Apache Software Foundation. It is a freely available and widely used software package, included with various implementations of the UNIX operating system an...
CVE-2001-0925
The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / slash characters, which causes the path to be mishandled by 1 modnegotiation, 2 moddir, or 3 modautoindex...
Apache Httpd < 1.3.19 : Requests can cause directory listing to be displayed
The default installation can lead modnegotiation and moddir or modautoindex to display a directory listing instead of the multiview index.html file if a very long path was created artificially by using many slashes...