CVE-2003-1138

Apache 2.0.40 - Info Disclosure

Title source: llm

Description

The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).

Exploits (1)

exploitdb WRITEUP VERIFIED

by TfM · textremotelinux

https://www.exploit-db.com/exploits/23296

View Code ZIP pw:eip

References (2)

Core 2

Core References

Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/8898

Exploit, Vendor Advisory mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/342578

Scores

EPSS 0.0523

EPSS Percentile 90.0%

Details

Status published

Products (1)

redhat/interchange 2.0.40_21.5

Published Oct 27, 2003

Tracked Since Feb 18, 2026