CVE-2001-0731

Apache HTTP Server 1.3.20 - Directory Listing Exposure via Multiviews M=D Query String

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0731. PoCs published by Kevin.

AI-analyzed exploit summary The provided text describes a vulnerability in Apache's 'multiview' functionality that could lead to directory listing disclosure even when an 'index.html' file is present. It includes example URLs to exploit the issue but lacks executable code.

Description

Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Kevin · textremotemultiple

https://www.exploit-db.com/exploits/21002

View Code ZIP pw:eip

The provided text describes a vulnerability in Apache's 'multiview' functionality that could lead to directory listing disclosure even when an 'index.html' file is present. It includes example URLs to exploit the issue but lacks executable code.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Theoretical

Target: Apache HTTP Server (version not specified)

No auth needed

Prerequisites: Directory indexing enabled · Presence of 'index.html' file · Apache 'multiview' functionality active

MITRE ATT&CK

T1083 - File and Directory Discovery

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (13)

Core 13

Core References

Patch x_refsource_confirm

http://www.apacheweek.com/issues/01-10-05#security

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2001-164.html

Vendor Advisory vendor-advisory x_refsource_sgi

ftp://patches.sgi.com/support/free/security/advisories/20020301-01-P

Various Sources vendor-advisory x_refsource_mandrake

http://frontal2.mandriva.com/security/advisories?name=MDKSA-2001:077

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2001-126.html

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/20010709214744.A28765%40brasscannon.net

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/8275

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/3009

Mailing List mailing-list x_refsource_mlist

https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

Mailing List mailing-list x_refsource_mlist

https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E

Mailing List mailing-list x_refsource_mlist

https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

Mailing List mailing-list x_refsource_mlist

https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E

Mailing List mailing-list x_refsource_mlist

https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E

Scores

EPSS 0.5676

EPSS Percentile 98.9%

Details

Status published

Products (1)

apache/http_server 1.3.20

Published Oct 01, 2001

Tracked Since Feb 18, 2026