Vulnerability Description
PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Http Server | 2.0.28 |
References
- http://marc.info/?l=bugtraq&m=101311746611160&w=2
- http://www.iss.net/security_center/static/8119.php
- http://www.securityfocus.com/bid/4057Vendor Advisory
- http://marc.info/?l=bugtraq&m=101311746611160&w=2
- http://www.iss.net/security_center/static/8119.php
- http://www.securityfocus.com/bid/4057Vendor Advisory
FAQ
What is CVE-2002-0240?
CVE-2002-0240 is a vulnerability with a CVSS score of 5.0 (MEDIUM). PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which revea...
How severe is CVE-2002-0240?
CVE-2002-0240 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0240?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Http Server.