CVE-2002-0661

unknown

Published — · Modified —

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

—

CVSS v4 NEW

—

not yet in upstream

VIR risk

1.0

Description

Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.

Predictions

Exploit likelihood

55%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or — if you've already worked around this in production — publish your fix to the community-verified tier.

✚ Propose a mitigation on Community → Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Exploit-DB

EDB-21697 remote windows verified text · 1 KB

Auriemma Luigi · 2002-08-09

Apache 2.0 - Encoded Backslash Directory Traversal

text exploit Source: Exploit-DB

source: https://www.securityfocus.com/bid/5434/info

A directory traversal vulnerability exists in Apache versions 2.0.39 and earlier on non-Unix platforms (potentially including Apache compiled with CYGWIN). Platforms that may be affected by this include Windows, OS2, and Netware.

The issue is related to the failure to properly process the backslash '\' character, which may be used as a directory delimiter under these platforms. By using the URL encoded sequence '%2e%2e%5c', the web root may be escaped.

Exploitation may result in the disclosure of sensitive information. Additionally, arbitrary local programs may be executed with attacker supplied parameters if directory traversal techniques are used to escape the cgi-bin directory.

http://127.0.0.1/error/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwinnt%5cwin.ini
http://127.0.0.1/cgi-bin/%5c%2e%2e%5cbin%5cwintty.exe?%2dt+HELLO

OS impact

Debian Fixed 5 releases

Version	Status	Fixed in
trixie	Fixed	`2.0.40`
sid	Fixed	`2.0.40`
forky	Fixed	`2.0.40`
bullseye	Fixed	`2.0.40`
bookworm	Fixed	`2.0.40`

References

https://security-tracker.debian.org/tracker/CVE-2002-0661

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.