CVE-2001-0925

Name of the Vulnerable Software and Affected Versions Apache versions prior to 1.3.19

Description The default installation of Apache allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters. This causes the path to be mishandled by mod negotiation, mod dir, or mod autoindex.

Recommendations For versions prior to 1.3.19, update to version 1.3.19 or later to resolve the issue. As a temporary workaround, consider restricting access to the mod negotiation, mod dir, and mod autoindex modules until a patch is available. Avoid using artificially created long paths with many slashes in HTTP requests to minimize the risk of exploitation.