PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2002-05-03T04:00:00
Updated: 2024-08-08T02:42:28.492Z
Reserved: 2002-05-01T00:00:00
Link: CVE-2002-0240
Vulnrichment
No data.
NVD
Status : Modified
Published: 2002-05-29T04:00:00.000
Modified: 2024-11-20T23:38:37.903
Link: CVE-2002-0240
Redhat
No data.