CVE-2002-0654

Name of the Vulnerable Software and Affected Versions Apache versions 2.0 through 2.0.39

Description The issue allows remote attackers to determine the full pathname of the server. This can occur through a request for a .var file, which leaks the pathname in the resulting error message. Additionally, an error message that occurs when a script (child process) cannot be invoked also reveals the full path of the script. This exposure is present in multiview type map negotiation, such as the default error documents, where a module reports the full path of the typemapped .var file when multiple documents or no documents could be served.

Recommendations For Apache versions 2.0 through 2.0.39, consider updating to a version that addresses this issue, as the current version allows remote attackers to determine the server's full pathname. At the moment, there is no information about a newer version that contains a fix for this vulnerability.