Vulnerability Details CVE-2002-2029
PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.431
EPSS Ranking 97.4%
CVSS Severity
CVSS v2 Score 7.5
References
Products affected by CVE-2002-2029
-
cpe:2.3:a:apache:http_server:1.3.11
-
cpe:2.3:a:apache:http_server:1.3.12
-
cpe:2.3:a:apache:http_server:1.3.13
-
cpe:2.3:a:apache:http_server:1.3.14
-
cpe:2.3:a:apache:http_server:1.3.15
-
cpe:2.3:a:apache:http_server:1.3.16
-
cpe:2.3:a:apache:http_server:1.3.17
-
cpe:2.3:a:apache:http_server:1.3.18
-
cpe:2.3:a:apache:http_server:1.3.19
-
cpe:2.3:a:apache:http_server:1.3.20