Vulnerability Name:
CVE-2000-0913 (CCN-5310)
Assigned:
2000-09-29
Published:
2000-09-29
Updated:
2021-06-06
Summary:
mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
CVSS v3 Severity:
5.3 Medium
(CCN CVSS v3.1 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
)
Exploitability Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope:
Scope (S):
Unchanged
Impact Metrics:
Confidentiality (C):
Low
Integrity (I):
None
Availibility (A):
None
CVSS v2 Severity:
5.0 Medium
(CVSS v2 Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
Partial
Integrity (I):
None
Availibility (A):
None
5.0 Medium
(CCN CVSS v2 Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Athentication (Au):
None
Impact Metrics:
Confidentiality (C):
Partial
Integrity (I):
None
Availibility (A):
None
Vulnerability Type:
CWE-Other
Vulnerability Consequences:
File Manipulation
References:
Source: CCN
Type: Caldera International, Inc. Security Advisory CSSA-2000-035.0
file view vulnerability in mod_rewrite
Source: BUGTRAQ
Type: UNKNOWN
20000929 Security vulnerability in Apache mod_rewrite
Source: BUGTRAQ
Type: UNKNOWN
20001011 Conectiva Linux Security Announcement - apache
Source: HP
Type: UNKNOWN
HPSBUX0010-126
Source: MITRE
Type: CNA
CVE-2000-0913
Source: CCN
Type: The Apache Software Foundation Web site
Apache HTTP Server Project
Source: CCN
Type: RHSA-2000-088
Updated apache
Source: CCN
Type: Hewlett-Packard Company Security Bulletin HPSBUX0010-126
Sec. Vulnerability in Praesidium Web Proxy 1.0
Source: CCN
Type: ApacheWeek Web site
Security vulnerability in mod_rewrite
Source: CALDERA
Type: UNKNOWN
CSSA-2000-035.0
Source: MANDRAKE
Type: UNKNOWN
MDKSA-2000:060
Source: CCN
Type: OSVDB ID: 1577
Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
Source: REDHAT
Type: UNKNOWN
RHSA-2000:088
Source: REDHAT
Type: UNKNOWN
RHSA-2000:095
Source: BID
Type: Patch, Vendor Advisory
1728
Source: CCN
Type: BID-1728
Apache Rewrite Module Arbitrary File Disclosure Vulnerability
Source: CCN
Type: MandrakeSoft Security Advisory MDKSA-2000:060-2
apache
Source: XF
Type: UNKNOWN
apache-rewrite-view-files(5310)
Source: XF
Type: UNKNOWN
apache-rewrite-view-files(5310)
Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210606 svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
Vulnerable Configuration:
Configuration 1
:
cpe:/a:apache:http_server:1.0.2:*:*:*:*:*:*:*
OR
cpe:/a:apache:http_server:1.0.3:*:*:*:*:*:*:*
OR
cpe:/a:apache:http_server:0.8.14:*:*:*:*:*:*:*
OR
cpe:/a:apache:http_server:1.0:*:*:*:*:*:*:*
OR
cpe:/a:apache:http_server:1.3.12:*:*:*:*:*:*:*
OR
cpe:/a:apache:http_server:1.0.5:*:*:*:*:*:*:*
OR
cpe:/a:apache:http_server:1.1:*:*:*:*:*:*:*
OR
cpe:/a:apache:http_server:0.8.11:*:*:*:*:*:*:*
OR
cpe:/a:apache:http_server:1.1.1:*:*:*:*:*:*:*
OR
cpe:/a:apache:http_server:1.3.11:*:win32:*:*:*:*:*
Configuration CCN 1
:
cpe:/a:apache:http_server:1.0:*:*:*:*:*:*:*
OR
cpe:/a:apache:http_server:1.3.12:*:*:*:*:*:*:*
OR
cpe:/a:apache:http_server:1.3.11:*:*:*:*:*:*:*
OR
cpe:/a:apache:http_server:0.8.11:*:*:*:*:*:*:*
OR
cpe:/a:apache:http_server:0.8.14:*:*:*:*:*:*:*
OR
cpe:/a:apache:http_server:1.0.2:*:*:*:*:*:*:*
OR
cpe:/a:apache:http_server:1.0.3:*:*:*:*:*:*:*
OR
cpe:/a:apache:http_server:1.0.5:*:*:*:*:*:*:*
OR
cpe:/a:apache:http_server:1.1:*:*:*:*:*:*:*
OR
cpe:/a:apache:http_server:1.1.1:*:*:*:*:*:*:*
AND
cpe:/a:apache:http_server:*:*:*:*:*:*:*:*
OR
cpe:/o:redhat:linux:6.2:*:*:*:*:*:*:*
OR
cpe:/o:redhat:linux:7:*:*:*:*:*:*:*
OR
cpe:/o:redhat:linux:7.1:*:*:*:*:*:*:*
OR
cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:*
OR
cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:*
Denotes that component is vulnerable
BACK
apache
http server 1.0.2
apache
http server 1.0.3
apache
http server 0.8.14
apache
http server 1.0
apache
http server 1.3.12
apache
http server 1.0.5
apache
http server 1.1
apache
http server 0.8.11
apache
http server 1.1.1
apache
http server 1.3.11
apache
http server 1.0
apache
http server 1.3.12
apache
http server 1.3.11
apache
http server 0.8.11
apache
http server 0.8.14
apache
http server 1.0.2
apache
http server 1.0.3
apache
http server 1.0.5
apache
http server 1.1
apache
http server 1.1.1
apache
http server *
redhat
linux 6.2
redhat
linux 7
redhat
linux 7.1
redhat
linux 7.2
redhat
linux 7.3
Denotes that component is vulnerable