CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2002-0249

PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.028

EPSS Ranking 85.6%

CVSS Severity

CVSS v2 Score 5.0

References

http://marc.info/?l=bugtraq&m=101311698909691&w=2
http://www.iss.net/security_center/static/8121.php
http://www.securityfocus.com/bid/4056
http://marc.info/?l=bugtraq&m=101311698909691&w=2
http://www.iss.net/security_center/static/8121.php
http://www.securityfocus.com/bid/4056

Products affected by CVE-2002-0249

Apache » Http Server » Version: 2.0.28

cpe:2.3:a:apache:http_server:2.0.28

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2002-0249

Products

Pricing

Contact Us