Vulnerability Description
Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Http Server | 1.3.14 |
References
- http://www.apacheweek.com/issues/02-02-01#security
- http://www.securityfocus.com/archive/1/203955PatchVendor Advisory
- http://www.securityfocus.com/bid/3176PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/8633
- http://www.apacheweek.com/issues/02-02-01#security
- http://www.securityfocus.com/archive/1/203955PatchVendor Advisory
- http://www.securityfocus.com/bid/3176PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/8633
FAQ
What is CVE-2001-1072?
CVE-2001-1072 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression...
How severe is CVE-2001-1072?
CVE-2001-1072 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2001-1072?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Http Server.