Signature Detail
Short Name |
HTTP:APACHE:2.0-CGI-PATH-DISC |
|---|---|
Severity |
Medium |
Recommended |
No |
Category |
HTTP |
Keywords |
Apache 2.0 CGI Path Disclosure |
Release Date |
2012/11/28 |
Update Number |
2206 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Apache 2.0 CGI Path Disclosure
This signature detects attempts to exploit a known vulnerability against Apache version 2.0 through 2.0.39. A successful attack can lead to unauthorized path disclosure. This is an old issue and newer versions of Apache are unaffected by this vulnerability.
Extended Description
A path disclosure vulnerability has been reported in Apache 2.0.x. Apache will disclose the absolute path to a script whenever the server fails to invoke the script. If an attacker can create circumstances where the server will fail to invoke the script, then path information can be ascertained. Additionally, this information may be disclosed to arbitrary web users whenever this type of error occurs.
Affected Products
- Apache Software Foundation Apache 2.0.0
- Apache Software Foundation Apache 2.0.28
- Apache Software Foundation Apache 2.0.28 Beta
- Apache Software Foundation Apache 2.0.28 -BETA
- Apache Software Foundation Apache 2.0.32
- Apache Software Foundation Apache 2.0.32 -BETA
- Apache Software Foundation Apache 2.0.34 -BETA
- Apache Software Foundation Apache 2.0.35
- Apache Software Foundation Apache 2.0.36
- Apache Software Foundation Apache 2.0.37
- Apache Software Foundation Apache 2.0.38
- Apache Software Foundation Apache 2.0.39
References
- BugTraq: 5486
- CVE: CVE-2002-0654