Apache 2.0 CGI Path Disclosure Vulnerability

A path disclosure vulnerability has been reported in Apache 2.0.x.

Apache will disclose the absolute path to a script whenever the server fails to invoke the script. If an attacker can create circumstances where the server will fail to invoke the script, then path information can be ascertained. Additionally, this information may be disclosed to arbitrary web users whenever this type of error occurs.


Privacy Statement
Copyright 2010, SecurityFocus