Description
Agora.cgi 3.2r through 4.0 while in debug mode allows remote attackers to determine the full pathname of the agora.cgi file by requesting a non-existent .html file, which leaks the pathname in an error message.
Exploits (1)
References (3)
Core 3
Core References
Patch, Vendor Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/8011.php
Patch, Vendor Advisory mailing-list
x_refsource_bugtraq
http://online.securityfocus.com/archive/1/252761
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/3976
Scores
EPSS
0.0820
EPSS Percentile
92.3%
Details
Status
published
Products (33)
steve_kneizys/agora.cgi
3.2
steve_kneizys/agora.cgi
3.2a
steve_kneizys/agora.cgi
3.2b
steve_kneizys/agora.cgi
3.2c
steve_kneizys/agora.cgi
3.2d
steve_kneizys/agora.cgi
3.2e
steve_kneizys/agora.cgi
3.2f
steve_kneizys/agora.cgi
3.2g
steve_kneizys/agora.cgi
3.2h
steve_kneizys/agora.cgi
3.2i
... and 23 more
Published
May 16, 2002
Tracked Since
Feb 18, 2026