Description

Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.

Remediation

References

CVE-2004-0173

Related Vulnerabilities

MyBB Improper Access Control Vulnerability (CVE-2016-9412)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-3389)

Joomla! Core 4.x.x Multiple Vulnerabilities (4.0.0 - 4.2.6)

WordPress 4.2.x Denial of Service Vulnerability (4.2 - 4.2.19)

Vanilla Forums Other Vulnerability (CVE-2011-0910)

Severity

Medium

Classification

CVE-2004-0173

Tags

Missing Update Known Vulnerabilities