Apache 2.0 - Full Path Disclosure

Author: Auriemma Luigi
type: remote
platform: windows
port: 
date_added: 2002-08-16 
date_updated: 2012-10-04 
verified: 1 
codes: CVE-2002-0654;OSVDB-4075 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/5485/info

A path disclosure vulnerability has been reported in Apache 2.0.x.

It is possible to reproduce this condition on vulnerable systems by making a request for certain types of files (such as error documents) that have been mapped by the server by type but fail to be served due to failure of MIME negotiation.

http://target/error/HTTP_NOT_FOUND.html.var