Description
Cytrix has detected that the Version of Apache being used could be vulnerable and expose the Server’s pathname. Also known as CVE-2002-0654.
This vulnerability allow attackers to determine the full pathname of the server.
That can be done in two ways:
- By sending a request for a .var file, which then leaks the pathname in the error message as a response.
- By abusing an error message that occurs when a script (child process) cannot be invoked.
That will lead to information being disclosed.
Recommendation
To fix CVE-2002-0654, upgrade the version of Apache HTTP Server being used to 2.0.40 or higher.