Apache – CVE-2002-0654


Kayran has detected that the Version of Apache being used could be vulnerable and expose the Server’s pathname. Also known as CVE-2002-0654.

This vulnerability allow attackers to determine the full pathname of the server.

That can be done in two ways:

  1. By sending a request for a .var file, which then leaks the pathname in the error message as a response.
  2. By abusing an error message that occurs when a script (child process) cannot be invoked.

That will lead to information being disclosed.


To fix CVE-2002-0654, upgrade the version of Apache HTTP Server being used to 2.0.40 or higher.



< Return to all Vulnerabilities