CVE-2004-0173

Exploit

EPSS 44.93%
Veröffentlicht 15.04.2004 04:00:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ HTTP Server Version0.8.11

Apache ≫ HTTP Server Version0.8.14

Apache ≫ HTTP Server Version1.0

Apache ≫ HTTP Server Version1.0.2

Apache ≫ HTTP Server Version1.0.3

Apache ≫ HTTP Server Version1.0.5

Apache ≫ HTTP Server Version1.1

Apache ≫ HTTP Server Version1.1.1

Apache ≫ HTTP Server Version1.2

Apache ≫ HTTP Server Version1.2.5

Apache ≫ HTTP Server Version1.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	44.93%	0.975

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

http://issues.apache.org/bugzilla/show_bug.cgi?id=26152

http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/017740.html

http://marc.info/?l=bugtraq&m=107765545431387&w=2

http://secunia.com/advisories/10962

http://www.apacheweek.com/issues/04-03-12

http://www.securityfocus.com/bid/9733

Patch

Vendor Advisory

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/15293

https://nvd.nist.gov/vuln/detail/CVE-2004-0173

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2004-0173

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2004-0173

EUVD