Path Disclosure Vulnerability in PHP with Apache Configuration

Path Disclosure Vulnerability in PHP with Apache Configuration

CVE-2002-0240 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.

Learn more about our Cis Benchmark Audit For Apache Http Server.