Vulnerability Note VU#910713
Apache discloses source code via POST requests to a location with WebDAV and CGI enabled
Apache contains an information leak that results from an interaction between WebDAV and CGI.
Apache version 2.0.42 allows remote attackers to obtain the source code of CGI scripts that are stored in locations for which both CGI and WebDAV are enabled. When a POST request is sent to a CGI script on an affected server, this vulnerability will cause the source code of the script to be returned to the attacker.
Remote attackers can obtain the source code of CGI scripts located on affected servers.
Apply a patch from your vendor
This vulnerability was addressed in Apache version 2.0.43, available at http://httpd.apache.org/download.cgi. For vendor-specific information regarding this issue, please see the Systems Affected section of this document.
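As a complement to upgrading, the following added example (not part of the original note and not Apache's code) audits an httpd configuration for the condition described above: a location where both WebDAV and CGI are in effect. The function names and sample configuration are constructed for illustration. The parse is simplified: it tracks only `<Directory>` and `<Location>` containers, does not follow `Include`, and over-reports rather than under-reports.

```python
import re
OPEN = re.compile(r'^<(Directory|Location)\s+"?([^">]+)"?\s*>$', re.I)
CLOSE = re.compile(r'^</(Directory|Location)>$', re.I)

def directive_flags(line):
    """Return the features ('dav', 'cgi') that one directive line enables."""
    words = line.split()
    name, args = words[0].lower(), [w.lower() for w in words[1:]]
    if name == "dav" and args and args[0] != "off":
        return {"dav"}
    if name == "options" and any(a.lstrip("+") in ("execcgi", "all") for a in args):
        return {"cgi"}
    if name in ("sethandler", "addhandler") and args[:1] == ["cgi-script"]:
        return {"cgi"}
    return set()

def find_dav_cgi_overlap(conf_text):
    """Return sorted (kind, path) scopes where DAV and CGI are both in effect."""
    scopes = {("server", ""): set()}      # (kind, path) -> features enabled there
    stack = [("server", "")]              # innermost open container is last
    for raw in conf_text.splitlines():
        line, words = raw.strip(), raw.split()
        if not line or line.startswith("#"): continue
        m = OPEN.match(line)
        if m:
            stack.append((m.group(1).capitalize(), m.group(2).rstrip("/") or "/"))
            scopes.setdefault(stack[-1], set())
        elif CLOSE.match(line) and len(stack) > 1:
            stack.pop()
        elif words[0].lower() == "scriptalias" and len(words) == 3:
            target = words[2].strip('"').rstrip("/") or "/"  # CGI target directory
            scopes.setdefault(("Directory", target), set()).add("cgi")
        elif not line.startswith("<"):
            scopes[stack[-1]] |= directive_flags(line)
    hits = []
    for kind, path in scopes:
        eff = set(scopes[("server", "")])  # server-level settings apply everywhere
        for (k2, p2), feats in scopes.items():
            if k2 == kind and (path == p2 or path.startswith(p2.rstrip("/") + "/")):
                eff |= feats               # inherit from enclosing paths
        if {"dav", "cgi"} <= eff:
            hits.append((kind, path))
    return sorted(hits)

SAMPLE_CONF = "\n".join([  # constructed sample, not from the advisory
    'ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"',
    "<Directory /var/www/shared>", "    Dav On", "</Directory>",
    "<Directory /var/www/shared/tools>", "    Options +ExecCGI", "</Directory>",
    "<Location /upload>", "    Dav On", "</Location>"])
print(find_dav_cgi_overlap(SAMPLE_CONF))
```

Any scope the function reports should either be served by Apache 2.0.43 or later, or have one of the two features disabled.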
Systems Affected

| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Apache | Affected | 26 Sep 2002 | 29 Oct 2002 |
| Hewlett-Packard Company | Affected | 28 Oct 2002 | 19 Nov 2002 |
This document was written by Jeffrey P. Lanza and is based upon information provided by Apache.org.
- CVE IDs: CAN-2002-1156
- Date Public: 26 Sep 2002
- Date First Published: 29 Oct 2002
- Date Last Updated: 19 Nov 2002
- Severity Metric: 16.87
- Document Revision: 11