Sign-up

ID

VAR-200111-0056


CVE

CVE-2001-1449


TITLE

MandrakeSoft Mandrake Linux Apache default configuration enables directory indexing

Trust: 0.8

sources: CERT/CC: VU#913704

DESCRIPTION

The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories. Apache is prone to a remote security vulnerability. An attacker can exploit this issue to perform unauthorized actions; other attacks are also possible

Trust: 1.98

sources: NVD: CVE-2001-1449 // CERT/CC: VU#913704 // BID: 88701 // VULHUB: VHN-4253

AFFECTED PRODUCTS

vendor:apachemodel:http serverscope:eqversion:1.3.11

Trust: 1.6

vendor:apachemodel:http serverscope:eqversion:1.3.3

Trust: 1.6

vendor:apachemodel:http serverscope:eqversion:1.3.17

Trust: 1.6

vendor:apachemodel:http serverscope:eqversion:1.3

Trust: 1.6

vendor:apachemodel:http serverscope:eqversion:1.3.14

Trust: 1.6

vendor:apachemodel:http serverscope:eqversion:1.3.18

Trust: 1.6

vendor:apachemodel:http serverscope:eqversion:1.3.4

Trust: 1.6

vendor:apachemodel:http serverscope:eqversion:1.3.1

Trust: 1.6

vendor:apachemodel:http serverscope:eqversion:1.3.12

Trust: 1.6

vendor:apachemodel:http serverscope:eqversion:1.3.6

Trust: 1.6

vendor:mandrakesoftmodel:mandrake linuxscope:eqversion:8.0

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:1.3.9

Trust: 1.0

vendor:mandrakesoftmodel:mandrake linuxscope:eqversion:7.3

Trust: 1.0

vendor:mandrakesoftmodel:mandrake linux corporate serverscope:eqversion:1.0.1

Trust: 1.0

vendor:mandrakesoftmodel:mandrake linuxscope:eqversion:7.1

Trust: 1.0

vendor:mandrakesoftmodel:mandrake single network firewallscope:eqversion:7.2

Trust: 1.0

vendor:mandrakesoftmodel: - scope: - version: -

Trust: 0.8

vendor:mandrivamodel:linux mandrakescope:eqversion:8.0

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:7.3

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:7.1

Trust: 0.3

vendor:mandrakesoftmodel:corporate serverscope:eqversion:1.0.1

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:1.3.18

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:1.3.17

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:1.3.14

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:1.3.12

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:1.3.11

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:1.3.9

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:1.3.6

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:1.3.4

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:1.3.3

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:1.3.1

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:1.3

Trust: 0.3

sources: CERT/CC: VU#913704 // BID: 88701 // CNNVD: CNNVD-200111-048 // NVD: CVE-2001-1449

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2001-1449
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#913704
value: 0.21

Trust: 0.8

CNNVD: CNNVD-200111-048
value: HIGH

Trust: 0.6

VULHUB: VHN-4253
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2001-1449
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-4253
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#913704 // VULHUB: VHN-4253 // CNNVD: CNNVD-200111-048 // NVD: CVE-2001-1449

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-1449

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200111-048

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200111-048

EXTERNAL IDS

db:CERT/CCid:VU#913704

Trust: 2.8

db:NVDid:CVE-2001-1449

Trust: 2.0

db:XFid:8029

Trust: 0.9

db:CNNVDid:CNNVD-200111-048

Trust: 0.7

db:MANDRAKEid:MDKSA-2001:077

Trust: 0.6

db:BIDid:88701

Trust: 0.4

db:VULHUBid:VHN-4253

Trust: 0.1

sources: CERT/CC: VU#913704 // VULHUB: VHN-4253 // BID: 88701 // CNNVD: CNNVD-200111-048 // NVD: CVE-2001-1449

REFERENCES

url:http://www.kb.cert.org/vuls/id/913704

Trust: 3.0

url:http://www.mandriva.com/security/advisories?name=mdksa-2001:077-2

Trust: 3.0

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/8029

Trust: 2.1

url:http://xforce.iss.net/xforce/xfdb/8029

Trust: 0.9

url:about vulnerability notes

Trust: 0.8

url:contact us about this vulnerability

Trust: 0.8

url:provide a vendor statement

Trust: 0.8

sources: CERT/CC: VU#913704 // VULHUB: VHN-4253 // BID: 88701 // CNNVD: CNNVD-200111-048 // NVD: CVE-2001-1449

CREDITS

Unknown

Trust: 0.3

sources: BID: 88701

SOURCES

db:CERT/CCid:VU#913704
db:VULHUBid:VHN-4253
db:BIDid:88701
db:CNNVDid:CNNVD-200111-048
db:NVDid:CVE-2001-1449

LAST UPDATE DATE

2024-11-22T23:13:30.972000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#913704date:2002-12-06T00:00:00
db:VULHUBid:VHN-4253date:2017-07-11T00:00:00
db:BIDid:88701date:2001-11-28T00:00:00
db:CNNVDid:CNNVD-200111-048date:2005-10-20T00:00:00
db:NVDid:CVE-2001-1449date:2024-11-20T23:37:43.277

SOURCES RELEASE DATE

db:CERT/CCid:VU#913704date:2001-11-21T00:00:00
db:VULHUBid:VHN-4253date:2001-11-28T00:00:00
db:BIDid:88701date:2001-11-28T00:00:00
db:CNNVDid:CNNVD-200111-048date:2001-11-28T00:00:00
db:NVDid:CVE-2001-1449date:2001-11-28T05:00:00