Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0240

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2002-0240
Last Modified 05 Sep 2008 04:27:31
Published 29 May 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0240

Summary

PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.

Vulnerable Systems

Application

  • Apache Http Server 2.0.28


References

BID - 4057

XF - apache-php-options-information(8119)

BUGTRAQ - 20020207 PHP Advisory #2


Last Updated: 27 May 2016 10:36:50