CVE-2002-1592

CVSS 5.0 - MEDIUM

Description

The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.

Affected Products

Vendor	Product	Version
apache	http_server	`2.0`
apache	http_server	`2.0.28`
apache	http_server	`2.0.32`
apache	http_server	`2.0.35`

References

http://www.apache.org/dist/httpd/CHANGES_2.0

http://www.iss.net/security_center/static/9623.php

http://www.kb.cert.org/vuls/id/165803

http://www.securityfocus.com/bid/5256

https://lists.apache.org/thread.html/54a42d4b01968...

https://lists.apache.org/thread.html/5df9bfb86a3b0...

https://lists.apache.org/thread.html/r0276683d8e1e...

https://lists.apache.org/thread.html/r2cb985de917e...

https://lists.apache.org/thread.html/r5001ecf3d6b2...

https://lists.apache.org/thread.html/r7035b7c9091c...

https://lists.apache.org/thread.html/r8828e649175d...

https://lists.apache.org/thread.html/r9e8622254184...

https://lists.apache.org/thread.html/r9f93cf6dde30...

https://lists.apache.org/thread.html/rd00b45b93fda...

https://lists.apache.org/thread.html/re028d61fe612...

https://lists.apache.org/thread.html/rf6449464fd8b...

http://www.apache.org/dist/httpd/CHANGES_2.0

http://www.iss.net/security_center/static/9623.php

http://www.kb.cert.org/vuls/id/165803

http://www.securityfocus.com/bid/5256

Weakness Types

NVD-CWE-Other

CVE Information

CVE ID:: CVE-2002-1592
Published:: 2002-05-06
Modified:: 2026-04-16
CVSS Score:: 5.0
Severity:: MEDIUM
Vector:: AV:N/AC:L/Au:N/C:P/I:N/A:N

Affected Vendors

apache

Quick Actions

View on NVD Find Similar CVEs

CVSS Severity Scale

0.0 - 3.9 LOW

4.0 - 6.9 MEDIUM

7.0 - 8.9 HIGH

9.0 - 10.0 CRITICAL