ID CVE-2002-1592
Summary The ap_log_rerror function in Apache 2.0 through 2.0.35, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
Vulnerable Configurations
  • Apache Software Foundation Apache HTTP Server 2.0
    cpe:2.3:a:apache:http_server:2.0
  • Apache Software Foundation Apache HTTP Server 2.0.28
    cpe:2.3:a:apache:http_server:2.0.28
  • Apache Software Foundation Apache HTTP Server 2.0.32
    cpe:2.3:a:apache:http_server:2.0.32
  • Apache Software Foundation Apache HTTP Server 2.0.35
    cpe:2.3:a:apache:http_server:2.0.35
CVSS
Base: 5.0 (as of 09-05-2005 - 00:00)
Impact:
Exploitability:
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
refmap via4
bid 5256
cert-vn VU#165803
confirm http://www.apache.org/dist/httpd/CHANGES_2.0
xf apache-aplogrerror-path-disclosure(9623)
statements via4
contributor Mark J Cox
lastmodified 2008-07-02
organization Apache
statement Fixed in Apache HTTP Server 2.0.36: http://httpd.apache.org/security/vulnerabilities_20.html
Last major update 05-09-2008 - 16:31
Published 06-05-2002 - 00:00
Last modified 15-08-2019 - 05:15