Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2002-0654
Last Modified: 10 Sep 2008 03:12:39
Published: 05 Sep 2002 12:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

Summary

Apache 2.0 through 2.0.39 on Windows, OS/2, and NetWare allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) an error message that occurs when a script (child process) cannot be invoked.

Vulnerable Systems

Application

  • Apache Http Server 2.0
  • Apache Http Server 2.0.28
  • Apache Http Server 2.0.32
  • Apache Http Server 2.0.34
  • Apache Http Server 2.0.35
  • Apache Http Server 2.0.36
  • Apache Http Server 2.0.37
  • Apache Http Server 2.0.38
  • Apache Http Server 2.0.39

References

BUGTRAQ - 20020816 Apache 2.0.39 directory traversal and path disclosure bug

BID - 5486

BID - 5485

XF - apache-cgi-path-disclosure(9876)

XF - apache-var-path-disclosure(9875)

CONFIRM - http://www.apache.org/dist/httpd/CHANGES_2.0


Last Updated: 27 May 2016 10:37:00