CVE-2002-0661

Description

Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.

How to fix CVE-2002-0661

To remediate CVE-2002-0661, upgrade the affected package to a fixed version below.

• Debian/apache2—upgrade to 2.0.40 or later

Is CVE-2002-0661 being exploited?

Likely — EPSS is 91.3%, placing CVE-2002-0661 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.

Affected packages (1)

• from 0, < 2.0.40

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2002-0661