CVE-2000-1206

Name of the Vulnerable Software and Affected Versions Apache httpd versions prior to 1.3.11 Apache httpd version 1.3.9

Description A security issue exists in Apache httpd, particularly for sites using mass name-based virtual hosting with mod vhost alias or with special mod rewrite rules, allowing remote attackers to retrieve arbitrary files.

Recommendations For Apache httpd versions prior to 1.3.11, update to version 1.3.11 or later to resolve the issue. For Apache httpd version 1.3.9, consider disabling the mod vhost alias module or restricting its use until a patch is available. As a temporary workaround, consider restricting access to mod rewrite rules to minimize the risk of exploitation.