CVE-2001-1449

The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.kb.cert.org/vuls/id/913704	Patch US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2001:077-2
https://exchange.xforce.ibmcloud.com/vulnerabilities/8029

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apache:http_server:1.3:::::::*
	cpe:2.3:a:apache:http_server:1.3.1:::::::*
	cpe:2.3:a:apache:http_server:1.3.3:::::::*
	cpe:2.3:a:apache:http_server:1.3.4:::::::*
	cpe:2.3:a:apache:http_server:1.3.6:::::::*
	cpe:2.3:a:apache:http_server:1.3.9:::::::*
	cpe:2.3:a:apache:http_server:1.3.11:::::::*
	cpe:2.3:a:apache:http_server:1.3.12:::::::*
	cpe:2.3:a:apache:http_server:1.3.14:::::::*
	cpe:2.3:a:apache:http_server:1.3.17:::::::*
	cpe:2.3:a:apache:http_server:1.3.18:::::::*
	cpe:2.3:a:mandrakesoft:mandrake_single_network_firewall:7.2:::::::*

Configuration 2 (hide)

OR	cpe:2.3:o:mandrakesoft:mandrake_linux:7.1:::::::*
	cpe:2.3:o:mandrakesoft:mandrake_linux:7.3:::::::*
	cpe:2.3:o:mandrakesoft:mandrake_linux:8.0:::::::*
	cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:1.0.1:::::::*

History

No history.

Information

Published : 2001-11-28 05:00

Updated : 2017-07-11 01:29

NVD link : CVE-2001-1449

Mitre link : CVE-2001-1449

CVE.ORG link : CVE-2001-1449

JSON object : View

Products Affected

mandrakesoft

mandrake_linux_corporate_server
mandrake_linux
mandrake_single_network_firewall

apache

http_server

CWE

NVD-CWE-Other

{"id": "CVE-2001-1449", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2001-11-28T05:00:00.000", "references": [{"url": "http://www.kb.cert.org/vuls/id/913704", "tags": ["Patch", "US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2001:077-2", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8029", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories."}], "lastModified": "2017-07-11T01:29:07.790", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:http_server:1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28EC1F94-04F3-490A-8324-1EB60EEBAD4B"}, {"criteria": "cpe:2.3:a:apache:http_server:1.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30D94958-0D13-4076-B6F0-61D505136789"}, {"criteria": "cpe:2.3:a:apache:http_server:1.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B22DA22E-54DA-46CF-B3AE-4B0900D8086A"}, {"criteria": "cpe:2.3:a:apache:http_server:1.3.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F90F496A-5D57-448F-A46F-E15F06CBFD01"}, {"criteria": "cpe:2.3:a:apache:http_server:1.3.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89B58983-633F-4D20-80AE-8E7EB865CF83"}, {"criteria": "cpe:2.3:a:apache:http_server:1.3.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19C8989C-D8A6-4AE9-99B6-F2DAE5999EB6"}, {"criteria": "cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B6EE0E2-D608-4E72-A0E5-F407511405C2"}, {"criteria": "cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33FD6791-3B84-40CA-BCF4-B5637B172F2A"}, {"criteria": "cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6DDD2F69-CFD4-4DEA-B43A-1337EEFA95A3"}, {"criteria": "cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A80B17D-FD66-40BD-9ADC-FE7A3944A696"}, {"criteria": "cpe:2.3:a:apache:http_server:1.3.18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "713ADED4-CBE5-40C3-A128-99CFABF24560"}, {"criteria": "cpe:2.3:a:mandrakesoft:mandrake_single_network_firewall:7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A188467-3856-4599-A2CD-BD2655974B63"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3EC1FF5D-5EAB-44D5-B281-770547C70D68"}, {"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:7.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B58D49AA-BBA0-4496-9A52-3D5C9DAEB58B"}, {"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4371A667-18E1-4C54-B2E1-6F885F22F213"}, {"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:1.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97E09AD9-F057-4264-88BB-A8A18C1B1246"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}