Description
Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
Remediation
References
Related Vulnerabilities
WordPress Plugin Comments-wpDiscuz Cross-Site Request Forgery (3.2.8)
MySQL CVE-2016-3521 Vulnerability (CVE-2016-3521)
WordPress Plugin Infographic Maker-iList Unspecified Vulnerability (2.7.0)
WordPress 4.5.x Multiple Vulnerabilities (4.5 - 4.5.5)
Internet Information Services Other Vulnerability (CVE-2002-1694)