Apache – CVE-2002-0654

Home » Blog » Apache – CVE-2002-0654

Description

Kayran has detected that the Version of Apache being used could be vulnerable and expose the Server’s pathname. Also known as CVE-2002-0654.

This vulnerability allow attackers to determine the full pathname of the server.

That can be done in two ways:

By sending a request for a .var file, which then leaks the pathname in the error message as a response.
By abusing an error message that occurs when a script (child process) cannot be invoked.

That will lead to information being disclosed.

Recommendation

To fix CVE-2002-0654, upgrade the version of Apache HTTP Server being used to 2.0.40 or higher.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0654

< Return to all Vulnerabilities

SOC Analysts – The Front line

It is important to know that being vigilant is a very important trait in the field of information security, in this article we will discuss

WAF – Web Application Firewall

WAF, which stands for Web Application Firewall, helps protect web-based applications by blocking and preventing many common types of attacks which would otherwise have been