PT-2002-1310 · Apache+1 · Apache+1

Published

2002-05-03

Updated

2016-10-18

CVE-2002-0240

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions PHP (affected versions not specified)

Description The issue allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method. This is possible when PHP is installed with Apache and configured to search for index.php as a default web page, as the resulting error message reveals the pathname.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2002-0240

Affected Products

Apache

Php

PT-2002-1310 · Apache+1 · Apache+1

CVE-2002-0240

Related Identifiers

Affected Products

References · 5