PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote malicious users to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache http server 2.0.28 |