Moderate

CVE-2004-0173 - Unspecified vulnerability in Apache HTTP Server

Publication: 2004-04-15
Summary

Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.

Risk level (CVSS 5)

Moderate

5.0

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • Apache Http Server 0.8.11
  • Apache Http Server 0.8.14
  • Apache Http Server 1.0
  • Apache Http Server 1.0.2
  • Apache Http Server 1.0.3
  • Apache Http Server 1.0.5
  • Apache Http Server 1.1
  • Apache Http Server 1.1.1
  • Apache Http Server 1.2
  • Apache Http Server 1.2.5
  • Apache Http Server 1.3