PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
CVSS v2.0 Score
5.0
/ 10.0
MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Information
- Published
- 29 mai 2002
- Updated
- 16 avr. 2026
- Status
- Modified
- Source
- cve@mitre.org
Affected products
apache http serverAll Apache HTTP Server CVEs →
Versions : 2.0.28
Weaknesses (CWE)
NVD-CWE-Other
References (6)
- http://www.securityfocus.com/bid/4057Vendor Advisory
- http://www.securityfocus.com/bid/4057Vendor Advisory
Monitor your products
Get automatic alerts for every new CVE affecting your equipment.