CVE-2002-0661
Apache HTTP Server 2.0-2.0.39 - Directory Traversal via Backslash-Encoded Dot-Dot Sequences
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2002-0661. PoCs published by Auriemma Luigi.
AI-analyzed exploit summary This exploit demonstrates a directory traversal vulnerability in Apache 2.0.39 and earlier on non-Unix platforms. It uses URL-encoded backslashes to escape the web root and access sensitive files or execute arbitrary programs.
Description
Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Auriemma Luigi · textremotewindows
https://www.exploit-db.com/exploits/21697
This exploit demonstrates a directory traversal vulnerability in Apache 2.0.39 and earlier on non-Unix platforms. It uses URL-encoded backslashes to escape the web root and access sensitive files or execute arbitrary programs.
Classification
Working Poc 90%
Attack Type
Info Leak | Rce
Complexity
Trivial
Reliability
Reliable
Target:
Apache 2.0.39 and earlier (non-Unix platforms)
No auth needed
Prerequisites:
Apache server running on a non-Unix platform (e.g., Windows, OS2, Netware)
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (17)
Core 17
Core References
Third Party Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/9808.php
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=102892744011436&w=2
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/5434
Patch, Vendor Advisory x_refsource_confirm
http://httpd.apache.org/info/security_bulletin_20020908a.txt
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=102951160411052&w=2
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01%40%3Ccvs.httpd.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E
Scores
EPSS
0.6970
EPSS Percentile
99.3%
Details
Status
published
Products (9)
apache/http_server
2.0
apache/http_server
2.0.28 (3 CPE variants)
apache/http_server
2.0.32 (2 CPE variants)
apache/http_server
2.0.34 beta
apache/http_server
2.0.35
apache/http_server
2.0.36
apache/http_server
2.0.37
apache/http_server
2.0.38
apache/http_server
2.0.39
Published
Aug 12, 2002
Tracked Since
Feb 18, 2026