Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
| Software | From | Fixed in |
|---|---|---|
| apache / http_server | 0.8.11 | 0.8.11.x |
| apache / http_server | 0.8.14 | 0.8.14.x |
| apache / http_server | 1.0 | 1.0.x |
| apache / http_server | 1.0.2 | 1.0.2.x |
| apache / http_server | 1.0.3 | 1.0.3.x |
| apache / http_server | 1.0.5 | 1.0.5.x |
| apache / http_server | 1.1 | 1.1.x |
| apache / http_server | 1.1.1 | 1.1.1.x |
| apache / http_server | 1.2 | 1.2.x |
| apache / http_server | 1.2.5 | 1.2.5.x |
| apache / http_server | 1.3 | 1.3.x |