← CVECheck
HomeVulnerabilities

CVE-2002-0240 — MEDIUM severity vulnerability (PHP, when installed with Apache and configured to search for)

PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.

CVE IDCVE-2002-0240
SeverityMEDIUM
CVSS score5.0
CVSS vectorAV:N/AC:L/Au:N/C:P/I:N/A:N
CWENVD-CWE-Other
StatusModified
Published2002-05-29
Last modified2026-04-16
DescriptionPHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
SourceNIST National Vulnerability Database

🔍 Search all vulnerabilities →