There is a vulnerability in Apache 2.0 through 2.035 that could disclose the real path to a CGI script or other file.
A vulnerability in the Apache web server could disclose sensitive information. Quoting from the Apache Change Log:
*) [Security] Added the APLOG_TOCLIENT flag to ap_log_rerror() to explicitly tell the server that warning messages should be sent to the client in addition to being recorded in the error log. Prior to this change, ap_log_rerror() always sent warning messages to the client. In one case, a faulty CGI script caused the server to send a warning message to the client that contained the full path to the CGI script. This could be considered a minor security exposure. [Bill Stoddard]
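The behaviour change described in the changelog entry can be modelled in a few lines of C. This is an added example, not code from Apache or from the original note; the struct, function names, flag values and sample path are assumptions made for illustration, with `MODEL_TOCLIENT` standing in for `APLOG_TOCLIENT`.

```c
/* Added illustration: a simplified model of the logging change, not Apache source. */
#include <stdio.h>
#include <string.h>

#define MODEL_WARNING  4      /* hypothetical severity value */
#define MODEL_TOCLIENT 0x100  /* hypothetical bit standing in for APLOG_TOCLIENT */

struct model_request {
    char error_log[256];    /* server-side error log entry */
    char client_body[256];  /* text returned to the remote client */
};

/* Before the change: every warning is logged and also sent to the client. */
static void log_rerror_before(struct model_request *r, int level, const char *msg)
{
    (void)level;
    snprintf(r->error_log, sizeof r->error_log, "%s", msg);
    snprintf(r->client_body, sizeof r->client_body, "%s", msg);
}

/* After the change: always logged; sent to the client only on explicit opt-in. */
static void log_rerror_after(struct model_request *r, int level, const char *msg)
{
    snprintf(r->error_log, sizeof r->error_log, "%s", msg);
    if (level & MODEL_TOCLIENT)
        snprintf(r->client_body, sizeof r->client_body, "%s", msg);
}

/* Constructed sample path; not taken from any real server. */
static const char SAMPLE_PATH[] = "/srv/example/cgi-bin/report.cgi";

/* Returns bit 0 set if the path reached the error log, bit 1 if it reached the client. */
static int run_case(int fixed, int level)
{
    struct model_request r;
    char msg[200];
    memset(&r, 0, sizeof r);
    snprintf(msg, sizeof msg, "faulty CGI script: %s", SAMPLE_PATH);
    if (fixed) log_rerror_after(&r, level, msg);
    else       log_rerror_before(&r, level, msg);
    return (strstr(r.error_log, SAMPLE_PATH) != NULL)
         | ((strstr(r.client_body, SAMPLE_PATH) != NULL) << 1);
}

int main(void)
{
    printf("before, warning:           %d\n", run_case(0, MODEL_WARNING));
    printf("after,  warning:           %d\n", run_case(1, MODEL_WARNING));
    printf("after,  warning|TOCLIENT:  %d\n", run_case(1, MODEL_WARNING | MODEL_TOCLIENT));
    return 0;
}
```

In the model, the path always reaches the error log; it reaches the client in the pre-change function and, after the change, only when the caller sets the opt-in flag.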
This vulnerability may disclose sensitive information.
Sensitive information may be disclosed.
If you are running version 2.0, upgrade to Apache 2.036 or later.
No information available. If you are a vendor and your product is affected, let us know.
Group | Score | Vector
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | N/A | N/A
Our thanks to the Apache group for their change log.
This document was written by Shawn V Hernan, based upon information in the Apache Change Log.