CVE-2003-1138

Red Hat Interchange - Directory Listing via Double Slash Request

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-1138. PoCs published by TfM.

AI-analyzed exploit summary The exploit describes a directory listing vulnerability in Apache 2.0.40 on Red Hat Linux 9.0, where appending '//' to a URL bypasses autoindex restrictions. This allows attackers to view directory contents even when autoindex is disabled.

Description

The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).

Exploits (1)

exploitdb WRITEUP VERIFIED
by TfM · textremotelinux
https://www.exploit-db.com/exploits/23296

The exploit describes a directory listing vulnerability in Apache 2.0.40 on Red Hat Linux 9.0, where appending '//' to a URL bypasses autoindex restrictions. This allows attackers to view directory contents even when autoindex is disabled.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Apache 2.0.40 on Red Hat Linux 9.0
No auth needed
Prerequisites: Apache 2.0.40 with autoindex disabled for root directory
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/8898
Exploit, Vendor Advisory mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/342578

Scores

EPSS 0.0544
EPSS Percentile 91.8%

Details

Status published
Products (1)
redhat/interchange 2.0.40_21.5
Published Oct 27, 2003
Tracked Since Feb 18, 2026