Vulnerability in N/a
CVE-2002-0654
Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error mes…
EPSS: 0.750 (98.9th percentile) — read the EPSS interpretation.
Affected products
- N/a — versions n/a
References
- apache-cgi-path-disclosure(9876) (vdb-entry, x_refsource_XF)
- www.apache.org/dist/httpd/CHANGES_2.0 (x_refsource_CONFIRM)
- 5485 (vdb-entry, x_refsource_BID)
- apache-var-path-disclosure(9875) (vdb-entry, x_refsource_XF)
- 5486 (vdb-entry, x_refsource_BID)
- 20020816 Apache 2.0.39 directory traversal and path disclosure bug (mailing-list, x_refsource_BUGTRAQ)
- [httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html (mailing-list, x_refsource_MLIST)
- [httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html (mailing-list, x_refsource_MLIST)
- [httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html (mailing-list, x_refsource_MLIST)
- [httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html (mailing-list, x_refsource_MLIST)