Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1592

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2002-1592
Last Modified 05 Sep 2008 04:31:00
Published 06 May 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-1592

Summary

The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.

Vulnerable Systems

Application

  • Apache Http Server 2.0

  • Apache Http Server 2.0.28

  • Apache Http Server 2.0.32

  • Apache Http Server 2.0.35


References

CERT-VN - VU#165803

BID - 5256

XF - apache-aplogrerror-path-disclosure(9623)

CONFIRM - http://www.apache.org/dist/httpd/CHANGES_2.0


Last Updated: 27 May 2016 10:37:24