The ap_log_rerror function in Apache 2.0 up to and including 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote malicious users to obtain sensitive information.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache http server 2.0.35 |
||
apache http server 2.0.32 |
||
apache http server 2.0.28 |
||
apache http server 2.0 |