CVE-2001-0042
Apache HTTP Server - Arbitrary File Read via Encoded Backslash Dot-Dot Attack
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2001-0042. PoCs published by china nsl.
AI-analyzed exploit summary This exploit leverages a path traversal vulnerability in Apache Web Server when used with PHP3 to disclose arbitrary files. The crafted URL bypasses directory restrictions to access sensitive files like httpd.conf.
Description
PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by china nsl · textremotemultiple
https://www.exploit-db.com/exploits/20466
This exploit leverages a path traversal vulnerability in Apache Web Server when used with PHP3 to disclose arbitrary files. The crafted URL bypasses directory restrictions to access sensitive files like httpd.conf.
Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target:
Apache Web Server with PHP3
No auth needed
Prerequisites:
Apache Web Server with PHP3 enabled · Knowledge of target file paths
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (3)
Core 3
Core References
Exploit, Vendor Advisory mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/149210
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/5659
Exploit, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/2060
Scores
EPSS
0.0860
EPSS Percentile
94.4%
Details
Status
published
Products (1)
apache/http_server
1.3
Published
Feb 16, 2001
Tracked Since
Feb 18, 2026