CVE Vulnerabilities

CVE-2003-1138

Published: Oct 27, 2003 | Modified: Sep 05, 2008
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).

Affected Software

Name Vendor Start Version End Version
Interchange Redhat 2.0.40_21.5 2.0.40_21.5

References