Apache – CVE-2002-0654

Description

Kayran has detected that the Version of Apache being used could be vulnerable and expose the Server’s pathname. Also known as CVE-2002-0654.

This vulnerability allow attackers to determine the full pathname of the server.

That can be done in two ways:

  1. By sending a request for a .var file, which then leaks the pathname in the error message as a response.
  2. By abusing an error message that occurs when a script (child process) cannot be invoked.

That will lead to information being disclosed.

Recommendation

To fix CVE-2002-0654, upgrade the version of Apache HTTP Server being used to 2.0.40 or higher.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0654

< Return to all Vulnerabilities

HAR Files

In this article, I’ll talk and explain about HAR Files, so if you don’t know what they are, or, what do we use them for,

Read More »