← CVECheck
HomeVulnerabilities

CVE-2003-1138 — MEDIUM severity vulnerability (The default configuration of Apache 2.0.40, as shipped with)

The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).

CVE IDCVE-2003-1138
SeverityMEDIUM
CVSS score5.0
CVSS vectorAV:N/AC:L/Au:N/C:P/I:N/A:N
CWENVD-CWE-Other
StatusModified
Published2003-10-27
Last modified2026-04-16
DescriptionThe default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
SourceNIST National Vulnerability Database

🔍 Search all vulnerabilities →