Apache – CVE-2002-0654

Description

Cytrix has detected that the version of Apache in use could be vulnerable and expose the server's pathname. This issue is tracked as CVE-2002-0654.

This vulnerability allows attackers to determine the full pathname of the server.

This can be done in two ways:

1. By sending a request for a .var file, which leaks the pathname in the error message returned as the response.
2. By abusing an error message that occurs when a script (child process) cannot be invoked.

Either way, information is disclosed.

Recommendation

To fix CVE-2002-0654, upgrade the version of Apache HTTP Server being used to 2.0.40 or higher.
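To check an inventory against this recommendation, the following added example (not part of the original advisory or of Cytrix's scanner) classifies `Server` header values against the 2.0.40 threshold. The function names, the status labels and the sample hosts are assumptions made for illustration; branches older than 2.0 are marked for manual review because this page does not say whether they are affected.

```python
import re

# "Apache/2.0.39 (Win32)" -> ("2", "0", "39"). Minor and patch are optional
# because the ServerTokens directive can hide them ("Apache/2", "Apache/2.0").
_BANNER = re.compile(r"\bApache/(\d+)(?:\.(\d+))?(?:\.(\d+))?")

def assess_banner(server_header):
    """Return 'vulnerable', 'fixed', 'review' or 'unknown' for a Server header value."""
    if not server_header:
        return "unknown"                      # header missing or stripped
    m = _BANNER.search(server_header)
    if m is None:
        # Bare "Apache" (ServerTokens Prod) hides the version: check the host by hand.
        return "review" if server_header.strip().lower() == "apache" else "unknown"
    major, minor, patch = (int(g) if g is not None else None for g in m.groups())
    if minor is None:
        return "fixed" if major > 2 else "review"
    if (major, minor) > (2, 0):
        return "fixed"                        # later branch, above 2.0.40
    if (major, minor) < (2, 0):
        return "review"                       # assumption: older branch, not covered by this page
    if patch is None:
        return "review"                       # "Apache/2.0": patch level hidden
    return "fixed" if patch >= 40 else "vulnerable"

def triage(inventory):
    """Map each host to its status; inventory is {host: Server header value}."""
    return {host: assess_banner(header) for host, header in inventory.items()}

# Constructed sample inventory (hypothetical hosts, not real scan data).
SAMPLE = {
    "web01.example.test": "Apache/2.0.39 (Win32)",
    "web02.example.test": "Apache/2.0.40 (Win32)",
    "web03.example.test": "Apache",
    "app01.example.test": "Apache-Coyote/1.1",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

A banner is only a hint, since it can be hidden or altered; confirm the installed version on any host reported as `vulnerable` or `review`.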

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0654