Search for vulnerabilities
Vulnerability details: VCID-w5bc-qwrv-aaap
Vulnerability ID VCID-w5bc-qwrv-aaap
Aliases CVE-2002-0654
Summary Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
Status Published
Exploitability 2.0
Weighted Severity 4.5
Risk 9.0
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.13208 https://api.first.org/data/v1/epss?cve=CVE-2002-0654
epss 0.13208 https://api.first.org/data/v1/epss?cve=CVE-2002-0654
epss 0.13208 https://api.first.org/data/v1/epss?cve=CVE-2002-0654
epss 0.13208 https://api.first.org/data/v1/epss?cve=CVE-2002-0654
epss 0.13208 https://api.first.org/data/v1/epss?cve=CVE-2002-0654
epss 0.13208 https://api.first.org/data/v1/epss?cve=CVE-2002-0654
epss 0.13208 https://api.first.org/data/v1/epss?cve=CVE-2002-0654
epss 0.13208 https://api.first.org/data/v1/epss?cve=CVE-2002-0654
epss 0.13208 https://api.first.org/data/v1/epss?cve=CVE-2002-0654
epss 0.13208 https://api.first.org/data/v1/epss?cve=CVE-2002-0654
epss 0.13208 https://api.first.org/data/v1/epss?cve=CVE-2002-0654
epss 0.13208 https://api.first.org/data/v1/epss?cve=CVE-2002-0654
epss 0.13557 https://api.first.org/data/v1/epss?cve=CVE-2002-0654
epss 0.13557 https://api.first.org/data/v1/epss?cve=CVE-2002-0654
epss 0.13557 https://api.first.org/data/v1/epss?cve=CVE-2002-0654
epss 0.74248 https://api.first.org/data/v1/epss?cve=CVE-2002-0654
epss 0.74248 https://api.first.org/data/v1/epss?cve=CVE-2002-0654
epss 0.74248 https://api.first.org/data/v1/epss?cve=CVE-2002-0654
epss 0.74248 https://api.first.org/data/v1/epss?cve=CVE-2002-0654
epss 0.74248 https://api.first.org/data/v1/epss?cve=CVE-2002-0654
epss 0.74248 https://api.first.org/data/v1/epss?cve=CVE-2002-0654
epss 0.74248 https://api.first.org/data/v1/epss?cve=CVE-2002-0654
epss 0.74248 https://api.first.org/data/v1/epss?cve=CVE-2002-0654
epss 0.74248 https://api.first.org/data/v1/epss?cve=CVE-2002-0654
epss 0.74248 https://api.first.org/data/v1/epss?cve=CVE-2002-0654
epss 0.74248 https://api.first.org/data/v1/epss?cve=CVE-2002-0654
epss 0.74248 https://api.first.org/data/v1/epss?cve=CVE-2002-0654
epss 0.74248 https://api.first.org/data/v1/epss?cve=CVE-2002-0654
epss 0.74248 https://api.first.org/data/v1/epss?cve=CVE-2002-0654
epss 0.74248 https://api.first.org/data/v1/epss?cve=CVE-2002-0654
epss 0.74248 https://api.first.org/data/v1/epss?cve=CVE-2002-0654
epss 0.74248 https://api.first.org/data/v1/epss?cve=CVE-2002-0654
epss 0.74248 https://api.first.org/data/v1/epss?cve=CVE-2002-0654
epss 0.74248 https://api.first.org/data/v1/epss?cve=CVE-2002-0654
epss 0.74248 https://api.first.org/data/v1/epss?cve=CVE-2002-0654
epss 0.74248 https://api.first.org/data/v1/epss?cve=CVE-2002-0654
epss 0.74248 https://api.first.org/data/v1/epss?cve=CVE-2002-0654
epss 0.74248 https://api.first.org/data/v1/epss?cve=CVE-2002-0654
epss 0.74248 https://api.first.org/data/v1/epss?cve=CVE-2002-0654
epss 0.74248 https://api.first.org/data/v1/epss?cve=CVE-2002-0654
epss 0.74248 https://api.first.org/data/v1/epss?cve=CVE-2002-0654
epss 0.74248 https://api.first.org/data/v1/epss?cve=CVE-2002-0654
epss 0.74248 https://api.first.org/data/v1/epss?cve=CVE-2002-0654
epss 0.77327 https://api.first.org/data/v1/epss?cve=CVE-2002-0654
apache_httpd low https://httpd.apache.org/security/json/CVE-2002-0654.json
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2002-0654
Reference id Reference type URL
http://marc.info/?l=bugtraq&m=102951160411052&w=2
https://api.first.org/data/v1/epss?cve=CVE-2002-0654
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0654
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
http://www.apache.org/dist/httpd/CHANGES_2.0
http://www.iss.net/security_center/static/9875.php
http://www.iss.net/security_center/static/9876.php
http://www.securityfocus.com/bid/5485
http://www.securityfocus.com/bid/5486
cpe:2.3:a:apache:http_server:2.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.28:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.28:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.28:beta:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.28:beta:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.28:beta:win32:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.28:beta:win32:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.32:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.32:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.32:beta:win32:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.32:beta:win32:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.34:beta:win32:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.34:beta:win32:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.35:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.35:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:*
CVE-2002-0654 https://httpd.apache.org/security/json/CVE-2002-0654.json
CVE-2002-0654 https://nvd.nist.gov/vuln/detail/CVE-2002-0654
CVE-2002-0654;OSVDB-4075 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/21719.txt
CVE-2002-0654;OSVDB-4075 Exploit https://www.securityfocus.com/bid/5485/info
Data source Exploit-DB
Date added Aug. 16, 2002
Description Apache 2.0 - Full Path Disclosure
Ransomware campaign use Known
Source publication date Aug. 16, 2002
Exploit type remote
Platform windows
Source update date Oct. 4, 2012
Source URL https://www.securityfocus.com/bid/5485/info
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2002-0654
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.95698
EPSS Score 0.13208
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.