Vulnerability Name:

CVE-2001-0731 (CCN-8275)

Assigned:2001-07-09
Published:2001-07-09
Updated:2021-06-06
Summary:Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Obtain Information
References:Source: CCN
Type: SGI Security Advisory 20020301-01-P
Apache vulnerabilities on IRIX

Source: SGI
Type: UNKNOWN
20020301-01-P

Source: CCN
Type: BugTraq Mailing List, Mon Jul 09 2001 - 20:47:44 CDT
How Google indexed a file with no external link

Source: MITRE
Type: CNA
CVE-2001-0731

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2001:077

Source: CCN
Type: Apache Web site
Apache HTTPD Project - The Apache HTTP Server Project

Source: CCN
Type: RHSA-2001-126
Updated apache packages available

Source: CCN
Type: ApacheWeek, Issue 265, 5th October 2001
Security Reports

Source: CONFIRM
Type: Patch
http://www.apacheweek.com/issues/01-10-05#security

Source: CCN
Type: CIAC Information Bulletin M-058
Apache Vulnerabilities on IRIX

Source: CCN
Type: OSVDB ID: 582
Apache HTTP Server Multiviews Feature Arbitrary Directory Listing

Source: REDHAT
Type: UNKNOWN
RHSA-2001:126

Source: REDHAT
Type: UNKNOWN
RHSA-2001:164

Source: BUGTRAQ
Type: UNKNOWN
20010709 How Google indexed a file with no external link

Source: BID
Type: UNKNOWN
3009

Source: CCN
Type: BID-3009
Apache Possible Directory Index Disclosure Vulnerability

Source: XF
Type: UNKNOWN
apache-multiviews-directory-listing(8275)

Source: XF
Type: UNKNOWN
apache-multiviews-directory-listing(8275)

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/

Vulnerable Configuration:Configuration 1:
  • cpe:/a:apache:http_server:1.3.20:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:apache:http_server:1.3.20:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:linux:6.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:mandrakesoft:mandrake_single_network_firewall:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:sgi:irix:6.5.12:*:*:*:*:*:*:*
  • OR cpe:/o:sgi:irix:6.5.13:*:*:*:*:*:*:*
  • OR cpe:/o:sgi:irix:6.5.14:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    apache http server 1.3.20
    apache http server 1.3.20
    redhat linux 6.2
    mandrakesoft mandrake linux 7.1
    redhat linux 7
    mandrakesoft mandrake linux 7.2
    mandrakesoft mandrake linux corporate server 1.0.1
    redhat linux 7.1
    mandrakesoft mandrake linux 8.0
    mandrakesoft mandrake single network firewall 7.2
    redhat linux 7.2
    sgi irix 6.5.12
    sgi irix 6.5.13
    sgi irix 6.5.14