CVE-2003-1138

Published: Oct 27, 2003Modified: Apr 16, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).

Affected (1)

Products: Redhat: Interchange

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Interchange	Version 2.0.40_21.5

References (4)

http://www.securityfocus.com/archive/1/342578

Source: cve@mitre.org

ExploitVendor Advisory

http://www.securityfocus.com/bid/8898

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/archive/1/342578

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

http://www.securityfocus.com/bid/8898

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.