{"vuid":"VU#910713","idnumber":"910713","name":"Apache discloses source code via POST requests to a location with WebDAV and CGI enabled","keywords":["Apache","source code disclosure","crafted POST request","WebDAV","CGI"],"overview":"There is an information leakage in Apache that results from an interaction between WebDAV and CGI.","clean_desc":"Apache version 2.0.42 allows remote attackers to obtain the source code of CGI scripts that are stored in locations for which both CGI and WebDAV are enabled. When a POST request is sent to a CGI script on an affected server, this vulnerability will cause the source code of the script to be returned to the attacker.","impact":"Remote attackers can obtain the source code of CGI scripts located on affected servers.","resolution":"Apply a patch from your vendor. This vulnerability was addressed in Apache version 2.0.43, available at http://httpd.apache.org/download.cgi. For vendor-specific information regarding this issue, please see the Systems Affected section of this document.","workarounds":"","sysaffected":"","thanks":"","author":"This document was written by Jeffrey P. Lanza and is based upon information provided by Apache.org.","public":["http://www.apacheweek.com/issues/02-10-04","http://www.apache.org/dist/httpd/CHANGES_2.0","http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13025","http://www.securityfocus.com/bid/6065"],"cveids":["CVE-2002-1156"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2002-10-28T22:05:16Z","publicdate":"2002-09-26T00:00:00Z","datefirstpublished":"2002-10-29T23:53:49Z","dateupdated":"2002-11-19T22:19:02Z","revision":11,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"10","cam_internetinfrastructure":"5","cam_population":"15","cam_impact":"5","cam_easeofexploitation":"20","cam_attackeraccessrequired":"20","cam_scorecurrent":"16.875","cam_scorecurrentwidelyknown":"19.6875","cam_scorecurrentwidelyknownexploited":"25.3125","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":16.875,"vulnote":null}