CVE-2003-1138 — MEDIUM (5.0)

Vulnerability Description

The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:P/I:N/A:N

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Redhat	Interchange	2.0.40_21.5

References

http://www.securityfocus.com/archive/1/342578ExploitVendor Advisory
http://www.securityfocus.com/bid/8898Vendor Advisory
http://www.securityfocus.com/archive/1/342578ExploitVendor Advisory
http://www.securityfocus.com/bid/8898Vendor Advisory

FAQ

What is CVE-2003-1138?

CVE-2003-1138 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page c...

How severe is CVE-2003-1138?

CVE-2003-1138 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2003-1138?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Interchange.