PT-2000-1791 · Suse+1 · Suse Linux+1

Published: 2000-11-14 · Updated: 2017-10-10 · CVE-2000-0868

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Apache version 1.3.12

Description

The default configuration of Apache in SuSE Linux allows remote attackers to read source code for CGI scripts by modifying the requested URL. Specifically, replacing the /cgi-bin/ in the URL with /cgi-bin-sdb/ enables this unauthorized access.

Recommendations

For Apache version 1.3.12, consider reconfiguring the server to prevent information disclosure by restricting access to CGI scripts and modifying the default URL handling to prevent source code exposure. As a temporary workaround, restrict access to the /cgi-bin-sdb/ endpoint to minimize the risk of exploitation.
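One way to audit a server configuration for this class of exposure, as an added example that is not part of the original advisory or of any vendor tooling. It assumes the second URL prefix is a plain `Alias` onto the directory that `ScriptAlias` maps for /cgi-bin/; the function names and the paths in the sample configuration are constructed placeholders.

```python
import posixpath
import re

# Constructed sample: paths are placeholders, not SuSE's actual defaults.
SAMPLE_CONF = """\
ScriptAlias /cgi-bin/ "/srv/www/cgi-bin/"
Alias /cgi-bin-sdb/ /srv/www/cgi-bin/
Alias /icons/ "/srv/www/icons/"
"""

# Matches Alias/ScriptAlias lines; quoted paths containing spaces are not handled.
DIRECTIVE = re.compile(r'^\s*(ScriptAlias|Alias)\s+(\S+)\s+"?([^"\s]+)"?\s*$', re.I)


def parse_aliases(conf_text):
    """Return (script_aliases, plain_aliases), each a list of (url_prefix, fs_path)."""
    script, plain = [], []
    for line in conf_text.splitlines():
        m = DIRECTIVE.match(line)
        if not m:
            continue  # comments and unrelated directives
        entry = (m.group(2), posixpath.normpath(m.group(3)))
        (script if m.group(1).lower() == "scriptalias" else plain).append(entry)
    return script, plain


def _within(child, parent):
    """True if filesystem path `child` is `parent` or lies beneath it."""
    return child == parent or child.startswith(parent.rstrip("/") + "/")


def find_exposed_cgi_aliases(conf_text):
    """Flag plain Alias mappings that overlap a ScriptAlias directory.

    Files reached through a plain Alias are served as static content unless a
    CGI handler is configured for them, so scripts under the overlap can be
    returned as source instead of being executed.
    """
    script, plain = parse_aliases(conf_text)
    findings = []
    for url, fs in plain:
        for s_url, s_fs in script:
            if _within(fs, s_fs) or _within(s_fs, fs):
                findings.append({"alias": url, "path": fs, "script_alias": s_url})
    return findings


if __name__ == "__main__":
    for f in find_exposed_cgi_aliases(SAMPLE_CONF):
        print(f"{f['alias']} -> {f['path']} overlaps ScriptAlias {f['script_alias']}")
```

A flagged mapping can be removed, changed to `ScriptAlias`, or placed behind an access restriction, in line with the workaround above.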

Fix


Related Identifiers

CVE-2000-0868

Affected Products

Apache
Suse Linux