| Vulnerability Name: | CVE-2001-1072 (CCN-8633) | ||||||||
| Assigned: | 2001-08-12 | ||||||||
| Published: | 2001-08-12 | ||||||||
| Updated: | 2017-10-10 | ||||||||
| Summary: | Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
| ||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Bypass Security | ||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Sun Aug 12 2001 - 20:46:26 CDT Are your mod_rewrite rules doing what you expect? Source: MITRE Type: CNA CVE-2001-1072 Source: CCN Type: ApacheWeek, Issue 281, 1st February 2002 Security Reports Source: CONFIRM Type: UNKNOWN http://www.apacheweek.com/issues/02-02-01#security Source: CCN Type: OSVDB ID: 1926 Apache HTTP Server mod_rewrite Crafted URI Rule Bypass Source: BUGTRAQ Type: Patch, Vendor Advisory 20010812 Are your mod_rewrite rules doing what you expect? Source: BID Type: Patch, Vendor Advisory 3176 Source: CCN Type: BID-3176 Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability Source: XF Type: UNKNOWN apache-rewrite-bypass-directives(8633) Source: XF Type: UNKNOWN apache-rewrite-bypass-directives(8633) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||