| Vulnerability Name: | CVE-2002-1156 (CCN-10499) |
| Assigned: | 2002-09-26 |
| Published: | 2002-09-26 |
| Updated: | 2021-06-06 |
| Summary: | Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
|
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)| Exploitability Metrics: | Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None | | Scope: | Scope (S): Unchanged
| | Impact Metrics: | Confidentiality (C): Low
Integrity (I): None
Availibility (A): None |
|
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)| Exploitability Metrics: | Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None | | Impact Metrics: | Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None |
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)| Exploitability Metrics: | Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
| | Impact Metrics: | Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None |
|
| Vulnerability Type: | CWE-Other
|
| Vulnerability Consequences: | Obtain Information |
| References: | Source: CCN
Type: Hewlett-Packard Company Security Bulletin HPSBUX0210-224
SSRT2393 Apache Vulnerabilities (rev. 1)
Source: MITRE
Type: CNA
CVE-2002-1156
Source: HP
Type: UNKNOWN
HPSBUX0210-224
Source: CCN
Type: Apache change log
Changes with Apache 2.0.43
Source: CONFIRM
Type: Vendor Advisory
http://www.apache.org/dist/httpd/CHANGES_2.0
Source: CCN
Type: ApacheWeek, Issue 311, 4th October 2002
Security Reports
Source: CONFIRM
Type: Vendor Advisory
http://www.apacheweek.com/issues/02-10-04
Source: CCN
Type: US-CERT VU#910713
Apache discloses source code via POST requests to a location with WebDAV and CGI enabled
Source: CERT-VN
Type: US Government Resource
VU#910713
Source: CCN
Type: OSVDB ID: 9702
Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
Source: BID
Type: UNKNOWN
6065
Source: CCN
Type: BID-6065
Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
Source: XF
Type: UNKNOWN
apache-webdav-cgi-source(10499)
Source: XF
Type: UNKNOWN
apache-webdav-cgi-source(10499)
Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/
Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073149 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
|
| Vulnerable Configuration: | Configuration 1:
cpe:/a:apache:http_server:2.0.42:*:*:*:*:*:*:*
Configuration CCN 1:
cpe:/a:apache:http_server:2.0.42:*:*:*:*:*:*:*AND cpe:/o:hp:hp-ux:11.00:*:*:*:*:*:*:*OR cpe:/o:hp:hp-ux:11.11:*:*:*:*:*:*:*OR cpe:/o:hp:hp-ux:11.20:*:*:*:*:*:*:*OR cpe:/o:hp:hp-ux:11.22:*:*:*:*:*:*:*
 Denotes that component is vulnerable |
| BACK |