Apache – CVE-2002-0654

Description

Cytrix has detected that the Version of Apache being used could be vulnerable and expose the Server’s pathname. Also known as CVE-2002-0654.

This vulnerability allow attackers to determine the full pathname of the server.

That can be done in two ways:

  1. By sending a request for a .var file, which then leaks the pathname in the error message as a response.
  2. By abusing an error message that occurs when a script (child process) cannot be invoked.

That will lead to information being disclosed.

Recommendation

To fix CVE-2002-0654, upgrade the version of Apache HTTP Server being used to 2.0.40 or higher.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0654

< Return to all Vulnerabilities

APT vs. ATP

In this article we will talk about APT vs. ATP. In other words, Advanced Persistent Threat and Advanced Threat Protection and the context between these

Read More »

Explaining API

We’ve talked about API’s Vulnerability in here, but i feel like there’s much more to talk about and explain since this is a big and

Read More »

Bug Bounties

As pirates, we all love plundering, we all love raiding, but mostly, we all love bounties, especially Bug Bounties. Let’s talk about it. Bug Bounties

Read More »