Vendor: HTTP Server
By: SecurityFocus
CVSS: 7.5 (HIGH)
Path Disclosure
CWE: 200
Product Name: HTTP Server
Affected Version From: Apache 2.0.x
Affected Version To: Apache 2.0.x
Patch Exists: NO
Related CWE: N/A
CPE: a:apache:http_server:2.0.x
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Path Disclosure Vulnerability in Apache 2.0.x

It is possible to reproduce this condition on vulnerable systems by making a request for certain types of files (such as error documents) that have been mapped by the server by type but fail to be served due to failure of MIME negotiation. When this request is made, the server will respond with the full path to the requested file.

Mitigation:

Ensure that the server is configured to not reveal the full path of requested files.
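
A check for the condition described above, as an added example that is not part of the original advisory: it reports a finding only when a response body shows the requested URL path with a filesystem prefix in front of it. The function name and the sample response bodies, including the install paths in them, are constructed for illustration.

```python
import re

# Absolute-path prefix: Unix ("/usr/local/apache2") or Windows ("C:\Apache2").
_PREFIX = r"(?:[A-Za-z]:[\\/]|/)(?:[\w.\-]+[\\/])*[\w.\-]+"


def disclosed_root(request_path, body):
    """Return the filesystem prefix shown in front of request_path, or None.

    A body that only echoes the URL path is not a finding; the same path
    with an absolute filesystem prefix in front of it is.
    """
    # Accept either separator so a Windows-style path also matches.
    tail = "".join(r"[\\/]" if c == "/" else re.escape(c) for c in request_path)
    pattern = r"(?<![\w.\-\\/:])(" + _PREFIX + ")" + tail + r"(?![\w.\-])"
    m = re.search(pattern, body)
    return m.group(1) if m else None


# Constructed sample data (not captured from a real server).
REQ = "/error/HTTP_NOT_FOUND.html.var"
LEAKY_BODY = "Available variants: /usr/local/apache2/error/HTTP_NOT_FOUND.html.var"
WINDOWS_BODY = r"Available variants: C:\Apache2\error\HTTP_NOT_FOUND.html.var"
CLEAN_BODY = "The requested URL /error/HTTP_NOT_FOUND.html.var was not found."
URL_BODY = "See http://target/error/HTTP_NOT_FOUND.html.var for details."

if __name__ == "__main__":
    for name, body in [("leaky", LEAKY_BODY), ("windows", WINDOWS_BODY),
                       ("clean", CLEAN_BODY), ("url", URL_BODY)]:
        print(name, "->", disclosed_root(REQ, body))
```

Run against your own server's responses as a regression test after a configuration change; a non-None result means the body still exposes the install location.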
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/5485/info

A path disclosure vulnerability has been reported in Apache 2.0.x.

It is possible to reproduce this condition on vulnerable systems by making a request for certain types of files (such as error documents) that have been mapped by the server by type but fail to be served due to failure of MIME negotiation.

http://target/error/HTTP_NOT_FOUND.html.var