CVE-2002-0249 in HTTP Serverinfo

Summary

PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

ID	Vulnerability	CWE	Exp	Cou	CVE
18173	Apache HTTP Server CGI Module php.exe Path information disclosure	200	Proof-of-Concept	Official fix	CVE-2002-0249

Disclosure

05/29/2002

Status

Confirmed

Entries

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2002-0249
NVD	https://nvd.nist.gov/vuln/detail/CVE-2002-0249
CVE Details	https://www.cvedetails.com/cve/CVE-2002-0249/

◂ Previous Overview Next ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!