Description
Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Jeremy Bae · textremotewindows
https://www.exploit-db.com/exploits/23751
References (7)
Core 7
Core References
Mailing List mailing-list
x_refsource_fulldisc
http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/017740.html
Issue Tracking x_refsource_confirm
http://www.apacheweek.com/issues/04-03-12
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=107765545431387&w=2
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15293
Various Sources x_refsource_confirm
http://issues.apache.org/bugzilla/show_bug.cgi?id=26152
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/10962
Exploit, Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/9733
Scores
EPSS
0.4493
EPSS Percentile
97.6%
Details
Status
published
Products (11)
apache/http_server
0.8.11
apache/http_server
0.8.14
apache/http_server
1.0
apache/http_server
1.0.2
apache/http_server
1.0.3
apache/http_server
1.0.5
apache/http_server
1.1
apache/http_server
1.1.1
apache/http_server
1.2
apache/http_server
1.2.5
... and 1 more
Published
Apr 15, 2004
Tracked Since
Feb 18, 2026