Vulnerability Name:

CVE-2000-0505 (CCN-4575)

Assigned:2000-05-31
Published:2000-05-31
Updated:2021-06-06
Summary:The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Obtain Information
References:Source: CCN
Type: BugTraq Mailing List, Wed May 31 2000 - 13:34:30 CDT
IBM HTTP SERVER / APACHE

Source: CCN
Type: BugTraq Mailing List, Sat Jun 03 2000 - 20:43:33 CDT
Re: IBM HTTP SERVER / APACHE

Source: MITRE
Type: CNA
CVE-2000-0505

Source: CCN
Type: Apache Server Project Web site
Apache Server downloads

Source: CCN
Type: OSVDB ID: 342
Apache HTTP Server for Windows Multiple Forward Slash Directory Listing

Source: BID
Type: Exploit, Patch, Vendor Advisory
1284

Source: CCN
Type: BID-1284
Apache HTTP Server (win32) Root Directory Access Vulnerability

Source: BUGTRAQ
Type: Patch, Vendor Advisory
20000603 Re: IBM HTTP SERVER / APACHE

Source: XF
Type: UNKNOWN
apache-ibm-http-file-retrieve(4575)

Source: XF
Type: UNKNOWN
ibm-http-file-retrieve(4575)

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210606 svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/

Vulnerable Configuration:Configuration 1:
  • cpe:/a:apache:http_server:1.3.11:*:win32:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.12:*:win32:*:*:*:*:*
  • OR cpe:/a:ibm:http_server:1.3.3:*:win32:*:*:*:*:*
  • OR cpe:/a:ibm:http_server:1.3.6.2:*:win32:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.6:*:win32:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.9:*:win32:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:apache:http_server:1.3.6:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.9:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.12:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.11:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:http_server:1.3.6.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:http_server:1.3.3:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    apache http server 1.3.11
    apache http server 1.3.12
    ibm http server 1.3.3
    ibm http server 1.3.6.2
    apache http server 1.3.6
    apache http server 1.3.9
    apache http server 1.3.6
    apache http server 1.3.9
    apache http server 1.3.12
    apache http server 1.3.11
    ibm http server 1.3.6.2
    ibm http server 1.3.3