Description
Kayran has detected that the “ap_log_rerror” function in the version of Apache being used returns warning messages to end users. Also known as CVE-2002-1592.
These messages are being returned in addition to being recorded in the error log.
These error messages could include the full path for the server.
Remote attackers might abuse it to obtain sensitive information and initiate attacks against it.
Severity/Score
CVSS Version 2.0 – 5.0 Medium
Recommendation
To prevent CVE-2002-1592, update the version of the Apache httpd being used to 2.0.36 or higher.
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1592