CVE-2004-0173 Information

Description

Directory traversal vulnerability in Apache 1.3.29 and earlier and Apache 2.0.48 and earlier when running on Cygwin allows remote attackers to read arbitrary files via a URL containing ..5C\ (dot dot encoded backslash) sequences.

Reference

http://issues.apache.org/bugzilla/show_bug.cgi?id=26152 http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/017740.html http://marc.info/?l=bugtraq&m=107765545431387&w=2 http://secunia.com/advisories/10962 http://www.apacheweek.com/issues/04-03-12 http://www.securityfocus.com/bid/9733 https://exchange.xforce.ibmcloud.com/vulnerabilities/15293