Vulnerability Name: | CCN-8026 | ||||||
Published: | 2001-11-20 | ||||||
Updated: | 2001-11-20 | ||||||
Summary: | The default installation of Apache HTTP Server on all current could disclose sensitive information about the Web server. A remote attacker could send a specially-crafted HTTP request to access these example scripts and obtain sensitive information about server configuration, including environment variables, path names, and internal addresses. An attacker could use this to launch further attacks against the affected server. | ||||||
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||
CVSS v2 Severity: | 5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
| ||||||
Vulnerability Consequences: | Obtain Information | ||||||
References: | Source: CCN Type: US-CERT VU#898480 MandrakeSoft Mandrake Linux Apache default configuration sample programs disclose server information Source: CCN Type: ProCheckUp Security Bulletin PR01-07 Linux-Mandrake Apache default configuration sample programs disclose server information. Source: XF Type: UNKNOWN mandrake-apache-information-disclosure(8026) | ||||||
Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||
BACK |