CVE-2004-0173

Exploit

EPSS 44.93%
Published 15.04.2004 04:00:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.

Affected products Warnungen 0 Metrics 2 CWE 0 References 10

Data is provided by the National Vulnerability Database (NVD)

Apache ≫ HTTP Server Version0.8.11

Apache ≫ HTTP Server Version0.8.14

Apache ≫ HTTP Server Version1.0

Apache ≫ HTTP Server Version1.0.2

Apache ≫ HTTP Server Version1.0.3

Apache ≫ HTTP Server Version1.0.5

Apache ≫ HTTP Server Version1.1

Apache ≫ HTTP Server Version1.1.1

Apache ≫ HTTP Server Version1.2

Apache ≫ HTTP Server Version1.2.5

Apache ≫ HTTP Server Version1.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	44.93%	0.975

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

http://issues.apache.org/bugzilla/show_bug.cgi?id=26152

http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/017740.html

http://marc.info/?l=bugtraq&m=107765545431387&w=2

http://secunia.com/advisories/10962

http://www.apacheweek.com/issues/04-03-12

http://www.securityfocus.com/bid/9733

Patch

Vendor Advisory

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/15293

https://nvd.nist.gov/vuln/detail/CVE-2004-0173

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2004-0173

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2004-0173

EUVD