CVE-2001-0766

Published: Oct 18, 2001Modified: Apr 16, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.

Affected (1)

Products: Apache: Http Server

Apache

1 product

Http Server

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Apache Http Server	Version 1.3.14

Running on/with	Platform Versions
Apple Mac Os X	Version 10.0.3

Related CWEs

CWE-178

Improper Handling of Case Sensitivity

The product does not properly account for differences in case sensitivity when accessing or determining the properties of a resource, leading to inconsistent results.

References (4)

http://archives.neohapsis.com/archives/bugtraq/2001-06/0090.html

Source: cve@mitre.org

Broken LinkPatchVendor Advisory

http://www.securityfocus.com/bid/2852

Source: cve@mitre.org

Broken LinkExploitPatchThird Party AdvisoryVDB EntryVendor Advisory

http://archives.neohapsis.com/archives/bugtraq/2001-06/0090.html

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkPatchVendor Advisory

http://www.securityfocus.com/bid/2852

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkExploitPatchThird Party AdvisoryVDB EntryVendor Advisory

Timeline

No history available yet.