CVE-2002-0654

Apache 2.0-2.0.39 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0654. PoCs published by Auriemma Luigi.

AI-analyzed exploit summary This is a writeup describing a path disclosure vulnerability in Apache 2.0.x. The vulnerability can be triggered by requesting specific file types, such as error documents, that fail MIME negotiation, leading to information leakage.

Description

Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Auriemma Luigi · textremotewindows
https://www.exploit-db.com/exploits/21719

This is a writeup describing a path disclosure vulnerability in Apache 2.0.x. The vulnerability can be triggered by requesting specific file types, such as error documents, that fail MIME negotiation, leading to information leakage.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Apache 2.0.x
No auth needed
Prerequisites: A vulnerable Apache 2.0.x server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (16)

Core 16
Core References
Third Party Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/9876.php
Vendor Advisory x_refsource_confirm
http://www.apache.org/dist/httpd/CHANGES_2.0
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/5485
Third Party Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/9875.php
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/5486
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=102951160411052&w=2

Scores

EPSS 0.5868
EPSS Percentile 99.0%

Details

Status published
Products (9)
apache/http_server 2.0
apache/http_server 2.0.28 (3 CPE variants)
apache/http_server 2.0.32 (2 CPE variants)
apache/http_server 2.0.34 beta
apache/http_server 2.0.35
apache/http_server 2.0.36
apache/http_server 2.0.37
apache/http_server 2.0.38
apache/http_server 2.0.39
Published Sep 05, 2002
Tracked Since Feb 18, 2026