CVE-2000-1016

Apache httpd.conf - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-1016. PoCs published by t0maszek.

AI-analyzed exploit summary This exploit describes an information disclosure vulnerability in S.u.S.E 6.3 or 6.4 systems due to misconfigured Apache httpd.conf, allowing unauthenticated access to the list of installed packages via a specific URL.

Description

The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.

Exploits (1)

exploitdb WRITEUP VERIFIED
by t0maszek · textremotelinux
https://www.exploit-db.com/exploits/20236

This exploit describes an information disclosure vulnerability in S.u.S.E 6.3 or 6.4 systems due to misconfigured Apache httpd.conf, allowing unauthenticated access to the list of installed packages via a specific URL.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: S.u.S.E Linux 6.3, 6.4 with Apache
No auth needed
Prerequisites: Target running S.u.S.E 6.3 or 6.4 with default Apache configuration
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/5276
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/1707
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/84360

Scores

EPSS 0.0757
EPSS Percentile 93.8%

Details

Status published
Products (2)
suse/suse_linux 6.3
suse/suse_linux 6.4
Published Dec 11, 2000
Tracked Since Feb 18, 2026