CVE-2002-1592
EPSS 5.5%
Description
The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
How to fix CVE-2002-1592
To remediate CVE-2002-1592, upgrade the affected package to a fixed version below.
- Debian/apache2—upgrade to 2.0.36 or later
Is CVE-2002-1592 being exploited?
Moderate — EPSS is 5.5%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- from 0, < 2.0.36