header-logo
Suggest Exploit
vendor:
Apache HTTP Server
by:
SecurityFocus
7.5
CVSS
HIGH
Apache Web Server PHP3 Script Disclosure
200
CWE
Product Name: Apache HTTP Server
Affected Version From: Apache 1.3.19
Affected Version To: Apache 1.3.19
Patch Exists: YES
Related CWE: CVE-2001-0241
CPE: o:apache:apache_http_server
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2001

Apache Web Server PHP3 Script Disclosure

Apache Web Server is vulnerable to a file disclosure vulnerability when used in conjunction with the PHP3 script language. By requesting a specially crafted URL by way of php, it is possible for a remote user to gain read access to a known file that resides on the target host.

Mitigation:

Upgrade to Apache version 1.3.20 or later.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/2060/info

Apache Web Server is subject to disclose files to unauthorized users when used in conjunction with the PHP3 script language.

By requesting a specially crafted URL by way of php, it is possible for a remote user to gain read access to a known file that resides on the target host.

Successful exploitation of this vulnerability could lead to the disclosure of sensitive information and possibly assist in further attacks against the victim. 

http://target/index.php3.%5c../..%5cconf/httpd.conf

Navigation

Suggest Exploit

Services By CQR