Description
The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
Remediation
References
Related Vulnerabilities
MySQL CVE-2018-3065 Vulnerability (CVE-2018-3065)
WordPress Plugin JupiterX Core Security Bypass (2.0.6)
WordPress Plugin WatchTowerHQ Privilege Escalation (3.6.16)
WordPress Plugin Simple Job Board Cross-Site Scripting (2.4.3)
PHP-Fusion URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-23182)