Lucene search

[email protected]CVE-2002-0253

HistoryMay 29, 2002 - 4:00 a.m.

CVE-2002-0253

2002-05-2904:00:00

[email protected]

web.nvd.nist.gov

cve-2002-0253

php

vulnerability

remote attackers

error display

path disclosure

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.8 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

79.1%

JSON

PHP, when not configured with the “display_errors = Off” setting in php.ini, allows remote attackers to obtain the physical path for an include file via a trailing slash in a request to a directly accessible PHP program, which modifies the base path, causes the include directive to fail, and produces an error message that contains the path.

Affected configurations

NVD

Node

phpphpMatch4.0

phpphpMatch4.0.1

phpphpMatch4.0.1patch2

phpphpMatch4.0.3

phpphpMatch4.0.4

phpphpMatch4.0.5

phpphpMatch4.0.6

phpphpMatch4.1.0

phpphpMatch4.1.2

CPENameOperatorVersion
php:phpphpeq4.0
php:phpphpeq4.0.1
php:phpphpeq4.0.3
php:phpphpeq4.0.4
php:phpphpeq4.0.5
php:phpphpeq4.0.6
php:phpphpeq4.1.0
php:phpphpeq4.1.2

CPE	Name	Operator	Version
php:php	php	eq	4.0
php:php	php	eq	4.0.1
php:php	php	eq	4.0.3
php:php	php	eq	4.0.4
php:php	php	eq	4.0.5
php:php	php	eq	4.0.6
php:php	php	eq	4.1.0
php:php	php	eq	4.1.2

References

marc.info/?l=bugtraq&m=101318944130790&w=2

www.iss.net/security_center/static/8122.php

www.securityfocus.com/bid/4063

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.8 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

79.1%

JSON

Related for CVE-2002-0253

nvd1 cvelist1