Unrated severityNVD Advisory· Published Feb 7, 2003· Updated Jun 16, 2026

CVE-2003-0017

Description

Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.

Affected products

Apache/HTTP Server8 versions
cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:*
- cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:*
- cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:*
- cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:*
- cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:*
- cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:*
- cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:*
- cpe:2.3:a:apache:http_server:2.0.43:*:*:*:*:*:*:*

cvss	0.000
epss	0.005
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000

CVE-2003-0017

Description

Affected products

Patches

Vulnerability mechanics

References

News mentions