CVE-2002-0240

Apache HTTP Server - Information Disclosure via HTTP OPTIONS Method

Title source: llm
STIX 2.1

Description

PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.

References (3)

Core 3
Core References
Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/4057
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=101311746611160&w=2
Third Party Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/8119.php

Scores

EPSS 0.0778
EPSS Percentile 94.0%

Details

Status published
Products (1)
apache/http_server 2.0.28 beta
Published May 29, 2002
Tracked Since Feb 18, 2026