CVE-2002-0661

Apache HTTP Server - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Auriemma Luigi · textremotewindows

https://www.exploit-db.com/exploits/21697

View Code ZIP pw:eip

References (17)

[Patch, Vendor Advisory] http://httpd.apache.org/info/security_bulletin_20020908a.txt

[Third Party Advisory] http://www.iss.net/security_center/static/9808.php

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/5434

[Mailing List] http://marc.info/?l=bugtraq&m=102892744011436&w=2

[Mailing List] http://marc.info/?l=bugtraq&m=102951160411052&w=2

[Mailing List] https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01%40%3Ccvs.httpd.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

Scores

EPSS 0.9131

EPSS Percentile 99.7%

Details

Status published

Products (9)

apache/http_server 2.0

apache/http_server 2.0.28 (3 CPE variants)

apache/http_server 2.0.32 (2 CPE variants)

apache/http_server 2.0.34 beta

apache/http_server 2.0.35

apache/http_server 2.0.36

apache/http_server 2.0.37

apache/http_server 2.0.38

apache/http_server 2.0.39

Published Aug 12, 2002

Tracked Since Feb 18, 2026