CVE-2000-0868
Apache HTTP Server 1.3.12 - Unauthenticated Source Code Disclosure via CGI Script Path Manipulation
Title source: llmDescription
The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
References (4)
Core 4
Core References
Patch, Vendor Advisory vendor-advisory
x_refsource_suse
http://archives.neohapsis.com/archives/linux/suse/2000-q3/0906.html
Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/1658
Patch, Vendor Advisory vendor-advisory
x_refsource_atstake
http://www.atstake.com/research/advisories/2000/a090700-2.txt
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/5197
Scores
EPSS
0.0881
EPSS Percentile
92.6%
Details
Status
published
Products (3)
apache/http_server
1.3.12
suse/suse_linux
6.3
suse/suse_linux
6.4
Published
Nov 14, 2000
Tracked Since
Feb 18, 2026