Apache httpd 2.0 CGI Error Path Disclosure Vulnerability

Apache httpd 2.0 CGI Error Path Disclosure Vulnerability

A minor information disclosure vulnerability has been reported in Apache httpd versions 2.0 to 2.0.35. A bug in the implementation of the ap_log_rerror() procedure, used to log server errors, may result in disclosure of absolute path information to remote clients. An absolute path on the webseerver may be considered sensitive information. According to Apache, the vulnerability can be triggered by faulty CGI scripts.