PT-2002-2317 · Apache · Apache+1

Published 2002-04-22 · Updated 2021-06-06 · CVE-2002-1592

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Apache versions 2.0 through 2.035

Description

The issue allows remote attackers to obtain sensitive information when a CGI application encounters an error. Specifically, error messages sent to the client include the full path for the server. This could reveal the path to a CGI script, presenting a minor security exposure. In some cases, warning messages could be returned to end users in addition to being recorded in the error log.

Recommendations

For Apache versions 2.0 through 2.035, consider restricting access to error messages and warning logs to minimize the risk of sensitive information disclosure until a fix is available. As a temporary workaround, modify the ap_log_rerror function to exclude the full server path from error messages sent to clients.

Related Identifiers

CVE-2002-1592

Affected Products

Apache
Apache HTTP Server