Description
The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
Remediation
References
Related Vulnerabilities
WordPress Plugin Greg's High Performance SEO Cross-Site Scripting (1.6.1)
MediaWiki Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2021-31556)
Oracle Database Server Other Vulnerability (CVE-2005-3437)
MySQL CVE-2013-1570 Vulnerability (CVE-2013-1570)
WordPress Plugin User Profile Picture Information Disclosure (2.4.0)