Description

The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.

Remediation

References

CVE-2002-1592

Related Vulnerabilities

WordPress Plugin InfiniteWP Client Security Bypass (1.9.4.4)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-7199)

WordPress Plugin Car Demon Multiple Vulnerabilities (1.7.97)

WordPress Plugin WordPress Email Template Designer-WP HTML Mail HTML Injection (2.9.0.3)

Internet Information Services Other Vulnerability (CVE-2001-0333)

Severity

Medium

Classification

CVE-2002-1592

Tags

Missing Update Known Vulnerabilities