ID CVE-2002-0249
Summary PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
References
Vulnerable Configurations
  • Apache Software Foundation Apache HTTP Server 2.0.28 Beta
    cpe:2.3:a:apache:http_server:2.0.28:beta
CVSS
Base: 5.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
nessus via4
NASL family Web Servers
NASL id PHP4_PATH_DISCLOSURE.NASL
description The version of Apache running on the remote Windows host will reveal the physical path of the PHP cgi binary when sent a specially crafted HTTP GET request.
last seen 2019-01-16
modified 2018-11-15
plugin id 11008
published 2002-06-09
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=11008
title Apache on Windows php.exe Malformed Request Path Disclosure
refmap via4
bid 4056
bugtraq 20020207 Security Advisory - #1
xf php-123-path-information(8121)
Last major update 17-10-2016 - 22:17
Published 29-05-2002 - 00:00