CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0CVE-2001-1534
https://notcve.org/view.php?id=CVE-2001-1534
31 Dec 2001 — mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication. • http://cert.uni-stuttgart.de/archive/bugtraq/2001/11/msg00084.html • CWE-384: Session Fixation •
CVSS: 9.1EPSS: 2%CPEs: 16EXPL: 0CVE-2001-1449
https://notcve.org/view.php?id=CVE-2001-1449
28 Nov 2001 — The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories. • http://www.kb.cert.org/vuls/id/913704 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2001-0730
https://notcve.org/view.php?id=CVE-2001-0730
30 Oct 2001 — split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000430 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2001-0729
https://notcve.org/view.php?id=CVE-2001-0729
12 Oct 2001 — Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters. • http://secunia.com/advisories/23794 •
CVSS: 9.8EPSS: 4%CPEs: 2EXPL: 2CVE-2001-0766 – Apache 1.3.14 - Mac File Protection Bypass
https://notcve.org/view.php?id=CVE-2001-0766
12 Oct 2001 — Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters. • https://www.exploit-db.com/exploits/20911 • CWE-178: Improper Handling of Case Sensitivity •
CVSS: 5.3EPSS: 85%CPEs: 1EXPL: 1CVE-2001-0731 – Apache 1.3 - Directory Index Disclosure
https://notcve.org/view.php?id=CVE-2001-0731
01 Oct 2001 — Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string. • https://www.exploit-db.com/exploits/21002 •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2001-1072
https://notcve.org/view.php?id=CVE-2001-1072
31 Aug 2001 — Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail. • http://www.apacheweek.com/issues/02-02-01#security •
CVSS: 7.5EPSS: 1%CPEs: 7EXPL: 0CVE-2001-1342
https://notcve.org/view.php?id=CVE-2001-1342
12 May 2001 — Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer. • http://bugs.apache.org/index.cgi/full/7522 •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 2CVE-2001-0122 – IBM HTTP Server 1.3 - AfpaCache/WebSphereNet.Data Denial of Service
https://notcve.org/view.php?id=CVE-2001-0122
13 Mar 2001 — Kernel leak in AfpaCache module of the Fast Response Cache Accelerator (FRCA) component of IBM HTTP Server 1.3.x and Websphere 3.52 allows remote attackers to cause a denial of service via a series of malformed HTTP requests that generate a "bad request" error. • https://www.exploit-db.com/exploits/20531 •
CVSS: 5.3EPSS: 34%CPEs: 5EXPL: 6CVE-2001-0925 – Apache 1.3 - Artificially Long Slash Path Directory Listing
https://notcve.org/view.php?id=CVE-2001-0925
12 Mar 2001 — The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex. • https://www.exploit-db.com/exploits/20692 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •