Unrated severityNVD Advisory· Published May 29, 2002· Updated Jun 16, 2026

CVE-2002-0240

Description

PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.

Affected products

Apache/HTTP Server
cpe:2.3:a:apache:http_server:2.0.28:beta:*:*:*:*:*:*
PHP/PHPllm-fuzzy

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/4057nvdVendor Advisory
marc.infonvd
www.iss.net/security_center/static/8119.phpnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.006
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000