CVE-2001-0108 - OpenCVE

PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Mandrakesoft	Mandrake Linux
Php	Php

Configuration 1 [-]

OR	cpe:2.3:a:php:php:4.0:::::::*
	cpe:2.3:a:php:php:4.0.1:::::::*
	cpe:2.3:a:php:php:4.0.3:::::::*
	cpe:2.3:a:php:php:4.0.4:::::::*

Configuration 2 [-]

cpe:2.3:o:mandrakesoft:mandrake_linux:7.2:*:*:*:*:*:*:*

References

Link	Resource
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000373
http://marc.info/?l=bugtraq&m=97957961212852
http://www.debian.org/security/2001/dsa-020
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-013.php3
http://www.redhat.com/support/errata/RHSA-2000-136.html
http://www.securityfocus.com/bid/2206	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/5940

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2001-09-18T04:00:00

Updated: 2004-09-02T09:00:00

Reserved: 2001-02-06T00:00:00

Link: CVE-2001-0108

JSON object: View

NVD Information

Status : Modified

Published: 2001-03-12T05:00:00.000

Modified: 2017-10-10T01:29:35.467

Link: CVE-2001-0108

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2001-01-12T00:00:00", "descriptions": [{"lang": "en", "value": "PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2004-09-02T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "DSA-020", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2001/dsa-020"}, {"name": "MDKSA-2001:013", "tags": ["vendor-advisory", "x_refsource_MANDRAKE"], "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-013.php3"}, {"name": "php-htaccess-unauth-access(5940)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5940"}, {"name": "CLA-2001:373", "tags": ["vendor-advisory", "x_refsource_CONECTIVA"], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000373"}, {"name": "2206", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/2206"}, {"name": "20010112 PHP Security Advisory - Apache Module bugs", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=97957961212852"}, {"name": "RHSA-2000:136", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2000-136.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-0108", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "DSA-020", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2001/dsa-020"}, {"name": "MDKSA-2001:013", "refsource": "MANDRAKE", "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-013.php3"}, {"name": "php-htaccess-unauth-access(5940)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5940"}, {"name": "CLA-2001:373", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000373"}, {"name": "2206", "refsource": "BID", "url": "http://www.securityfocus.com/bid/2206"}, {"name": "20010112 PHP Security Advisory - Apache Module bugs", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=97957961212852"}, {"name": "RHSA-2000:136", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2000-136.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-0108", "datePublished": "2001-09-18T04:00:00", "dateReserved": "2001-02-06T00:00:00", "dateUpdated": "2004-09-02T09:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "EDBEC461-D553-41B7-8D85-20B6A933C21C", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "78BAA18C-E5A0-4210-B64B-709BBFF31EEC", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "57B59616-A309-40B4-94B1-50A7BC00E35C", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "0F39A1B1-416E-4436-8007-733B66904A14", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A8FBD5A-2FD0-43CD-AC4B-1D6984D336FE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested."}], "id": "CVE-2001-0108", "lastModified": "2017-10-10T01:29:35.467", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2001-03-12T05:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000373"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=97957961212852"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2001/dsa-020"}, {"source": "cve@mitre.org", "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-013.php3"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2000-136.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/2206"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5940"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}