Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0240


Vulnerability Score 5.0 5.0
CVE Id CVE-2002-0240
Last Modified 05 Sep 2008 04:27:31
Published 29 May 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.

Vulnerable Systems


  • Apache Http Server 2.0.28


BID - 4057

XF - apache-php-options-information(8119)

BUGTRAQ - 20020207 PHP Advisory #2

Last Updated: 27 May 2016 10:36:50