1.3.19

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

apache

NVD

Published: 2001-08-31

Updated: 2017-10-10

Summary

Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.

Vulnerable Configurations

Part	Description	Count
Application	Apache Apache Http Server 1.3.14 Apache Http Server 1.3.17 Apache Http Server 1.3.19	3

References

http://www.apacheweek.com/issues/02-02-01#security
http://www.securityfocus.com/archive/1/203955
http://www.securityfocus.com/bid/3176
https://exchange.xforce.ibmcloud.com/vulnerabilities/8633