CVE-2001-0925

Apache HTTP Server - Directory Listing via Excessive Slash Characters

Title source: llm

Exploitation Summary

EIP tracks 4 public exploits for CVE-2001-0925. PoCs published by st0ic, farm9, rfp.

AI-analyzed exploit summary: This C program exploits CVE-2001-0925 by sending a crafted HTTP request with an artificially long path of slashes to an Apache server, causing directory indexing to be revealed even when an index.html file is present. It tests a range of slash counts to determine vulnerability.

Description

The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.

Exploits (4)

exploitdb WORKING POC VERIFIED
by st0ic · c · remote · multiple
https://www.exploit-db.com/exploits/20693

This C program exploits CVE-2001-0925 by sending a crafted HTTP request with an artificially long path of slashes to an Apache server, causing directory indexing to be revealed even when an index.html file is present. It tests a range of slash counts to determine vulnerability.

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Apache HTTP Server < 1.3.19
No auth needed
Prerequisites: Apache with mod_dir, mod_autoindex, and mod_negotiation enabled · Directory must have Indexes and MultiView options enabled
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by farm9 · perl · remote · multiple
https://www.exploit-db.com/exploits/20695

This exploit targets a vulnerability in Apache HTTPD (CVE-2001-0925) by sending a crafted HTTP request with an artificially long path of slashes to bypass directory indexing restrictions. It leverages a flaw in `ap_sub_req_lookup_file` where `stat()` fails on overly long paths, potentially exposing directory contents.

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Apache HTTPD < 1.3.19
No auth needed
Prerequisites: mod_dir, mod_autoindex, and mod_negotiation enabled · Directory must have 'Indexes' and 'MultiView' options enabled
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by farm9 · perl · remote · multiple
https://www.exploit-db.com/exploits/20694

This exploit targets a vulnerability in Apache HTTPD (CVE-2001-0925) by sending a request with an artificially long path of slashes to trigger a directory listing, bypassing the default index.html. It leverages a flaw in the ap_sub_req_lookup_file subroutine where stat() fails on overly long paths.

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Apache HTTPD < 1.3.19
No auth needed
Prerequisites: mod_dir, mod_autoindex, and mod_negotiation enabled · Directory must have Indexes and MultiView options enabled
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by rfp · perl · remote · multiple
https://www.exploit-db.com/exploits/20692

This exploit targets a directory traversal vulnerability in Apache HTTPD versions prior to 1.3.19 by sending a request with an artificially long path of slashes. It uses the libwhisker library to craft HTTP requests and checks for a directory listing response.

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Apache HTTPD < 1.3.19
No auth needed
Prerequisites: Network access to the target Apache server · Apache HTTPD with mod_dir, mod_autoindex, and mod_negotiation enabled
devstral-2 · analyzed Feb 16, 2026

References (14)

Core References
Exploit, Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/193081
Vendor Advisory x_refsource_confirm
http://www.apacheweek.com/features/security-13
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/178066
Third Party Advisory vendor-advisory x_refsource_engarde
http://www.linuxsecurity.com/advisories/other_advisory-1452.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/6921
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/168497
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2001/dsa-067
Broken Link vendor-advisory x_refsource_mandrake
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-077.php3
Exploit, Patch, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/2503

Scores

EPSS 0.7524
EPSS Percentile 99.5%

Details

CWE: CWE-22
Status: published
Products (5)
apache/http_server 1.3.11
apache/http_server 1.3.12
apache/http_server 1.3.14
apache/http_server 1.3.17
debian/debian_linux 2.2
Published Mar 12, 2001
Tracked Since Feb 18, 2026