Apache and PHP OPTIONS request reveals "php.exe" path
apache-php-options-information (8119): Low Risk
Apache HTTP Server could allow a remote attacker to obtain sensitive path information. A remote attacker could send an OPTIONS request to obtain the path of the 'php.exe' file and possibly obtain sensitive information.
No remedy available as of September 1, 2014.
- BugTraq Mailing List, Thu Feb 07 2002 - 06:03:00 CST: PHP Advisory #2.
- BID-4057: Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
- CVE-2002-0240: PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
- OSVDB ID: 3565: PHP OPTIONS Path Disclosure
- Apache HTTP Server 2.0.28 Beta
- PHP PHP
Feb 07, 2002