CVE-2002-0240 — Apache Http Server vulnerability
3 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
1.7%
top 17.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMay 29
Latest updateApr 30
Description
PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
CVSS vector
AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9