Sensitive Information Disclosure in Apache 2.0 through 2.035

Sensitive Information Disclosure in Apache 2.0 through 2.035

CVE-2002-1592 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.

Learn more about our Cis Benchmark Audit For Apache Http Server.