CVE-2002-0249 — Apache Http Server vulnerability
3 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
2.8%
top 13.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMay 29
Latest updateApr 30
Description
PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
CVSS vector
AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9