Lucene search
MitreCVE-2002-2029HistoryJul 14, 2005 - 4:00 a.m.
CVE-2002-2029
2005-07-1404:00:00
mitre
web.nvd.nist.gov
53
php
windows
apache
scriptalias
remote attackers
security vulnerability
nvd
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
7.3
Confidence
Low
EPSS
0.703
Percentile
98.1%
PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
Affected configurations
Node
apachehttp_serverMatch1.3.11
ORapachehttp_serverMatch1.3.12
ORapachehttp_serverMatch1.3.13
ORapachehttp_serverMatch1.3.14
ORapachehttp_serverMatch1.3.15
ORapachehttp_serverMatch1.3.16
ORapachehttp_serverMatch1.3.17
ORapachehttp_serverMatch1.3.18
ORapachehttp_serverMatch1.3.19
ORapachehttp_serverMatch1.3.20
| Vendor | Product | Version | CPE |
|---|---|---|---|
| apache | http_server | 1.3.11 | cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:* |
| apache | http_server | 1.3.12 | cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:* |
| apache | http_server | 1.3.13 | cpe:2.3:a:apache:http_server:1.3.13:*:*:*:*:*:*:* |
| apache | http_server | 1.3.14 | cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:* |
| apache | http_server | 1.3.15 | cpe:2.3:a:apache:http_server:1.3.15:*:*:*:*:*:*:* |
| apache | http_server | 1.3.16 | cpe:2.3:a:apache:http_server:1.3.16:*:*:*:*:*:*:* |
| apache | http_server | 1.3.17 | cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:* |
| apache | http_server | 1.3.18 | cpe:2.3:a:apache:http_server:1.3.18:*:*:*:*:*:*:* |
| apache | http_server | 1.3.19 | cpe:2.3:a:apache:http_server:1.3.19:*:*:*:*:*:*:* |
| apache | http_server | 1.3.20 | cpe:2.3:a:apache:http_server:1.3.20:*:*:*:*:*:*:* |
Related
openvas
openvas
PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
2005-11-03 00:00:00
PHP.EXE / Apache HTTP Server Win32 Arbitrary File Reading Vulnerability
2005-11-03 00:00:00
exploitdb
exploitdb
Apache 1.3.20 (Win32) - 'PHP.exe' Remote File Disclosure
2002-01-04 00:00:00
nessus
nessus
Apache Win32 ScriptAlias php.exe Arbitrary File Access
2002-01-25 00:00:00
nvd
nvd
CVE-2002-2029
2002-12-31 05:00:00
cvelist
cvelist
CVE-2002-2029
2005-07-14 04:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
7.3
Confidence
Low
EPSS
0.703
Percentile
98.1%
Related for CVE-2002-2029