Vulnerabilities > CVE-2002-2029 - Remote File Disclosure vulnerability in Apache Win32 PHP.EXE
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 10 |
Exploit-Db
description | Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability. CVE-2002-2029. Remote exploit for windows platform |
id | EDB-ID:21204 |
last seen | 2016-02-02 |
modified | 2002-01-04 |
published | 2002-01-04 |
reporter | Paul Brereton |
source | https://www.exploit-db.com/download/21204/ |
title | Apache 1.3.20 - Win32 PHP.EXE Remote File Disclosure Vulnerability |
Nessus
NASL family | CGI abuses |
NASL id | PHP_APACHE_WIN32_DEFAULT.NASL |
description | A configuration vulnerability exists for PHP.EXE cgi running on Apache for Win32 platforms. It is reported that the installation text recommends configuration options in httpd.conf that create a security vulnerability, allowing arbitrary files to be read from the host running PHP. Remote users can directly execute the PHP binary: http://www.somehost.com/php/php.exe?c:\winnt\win.ini |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 10839 |
published | 2002-01-25 |
reporter | This script is Copyright (C) 2002-2018 Matt Moore |
source | https://www.tenable.com/plugins/nessus/10839 |
title | Apache Win32 ScriptAlias php.exe Arbitrary File Access |