Vulnerability Description
PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Http Server | 1.3.11 |
References
- http://www.iss.net/security_center/static/7815.php
- http://www.securiteam.com/windowsntfocus/5ZP030U60U.htmlExploit
- http://www.securityfocus.com/bid/3786
- http://www.iss.net/security_center/static/7815.php
- http://www.securiteam.com/windowsntfocus/5ZP030U60U.htmlExploit
- http://www.securityfocus.com/bid/3786
FAQ
What is CVE-2002-2029?
CVE-2002-2029 is a vulnerability with a CVSS score of 7.5 (HIGH). PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php...
How severe is CVE-2002-2029?
CVE-2002-2029 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-2029?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Http Server.