Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2002-08-20T04:00:00
Updated: 2024-08-08T02:56:38.387Z
Reserved: 2002-07-02T00:00:00
Link: CVE-2002-0654
Vulnrichment
No data.
NVD
Status : Modified
Published: 2002-09-05T04:00:00.000
Modified: 2024-11-20T23:39:33.833
Link: CVE-2002-0654
Redhat
No data.