Vulnerabilities > CVE-2003-1138 - Unspecified vulnerability in Redhat Interchange 2.0.4021.5
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | Red Hat Apache 2.0.40 Directory Index Default Configuration Error. CVE-2003-1138. Remote exploit for linux platform |
id | EDB-ID:23296 |
last seen | 2016-02-02 |
modified | 2003-10-27 |
published | 2003-10-27 |
reporter | TfM |
source | https://www.exploit-db.com/download/23296/ |
title | Red Hat Apache 2.0.40 - Directory Index Default Configuration Error |
Nessus
NASL family | Web Servers |
NASL id | APACHE2_DOUBLE_SLASH.NASL |
description | It is possible to obtain the listing of the content of the remote web server root by sending the request |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 11909 |
published | 2003-10-27 |
reporter | This script is Copyright (C) 2003-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/11909 |
title | Apache Double Slash GET Request Forced Directory Listing |
code |
|
Statements
contributor | Mark J Cox |
lastmodified | 2007-03-14 |
organization | Red Hat |
statement | Red Hat Enterprise Linux 5 is not vulnerable to this issue. |