CVE-2002-0215

Agora.cgi 3.2r through 4.0 while in debug mode allows remote attackers to determine the full pathname of the agora.cgi file by requesting a non-existent .html file, which leaks the pathname in an error message.

Published: May 16, 2002
Updated: Nov 9, 2025
CVE: CVE-2002-0215
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
steve_kneizys / agora.cgi	4.0d	4.0d.x
steve_kneizys / agora.cgi	3.3e	3.3e.x
steve_kneizys / agora.cgi	3.3b	3.3b.x
steve_kneizys / agora.cgi	3.3c	3.3c.x
steve_kneizys / agora.cgi	3.2f	3.2f.x
steve_kneizys / agora.cgi	4.0e	4.0e.x
steve_kneizys / agora.cgi	3.2r	3.2r.x
steve_kneizys / agora.cgi	3.2	3.2.x
steve_kneizys / agora.cgi	3.3j	3.3j.x
steve_kneizys / agora.cgi	3.2l	3.2l.x
steve_kneizys / agora.cgi	3.2k	3.2k.x
steve_kneizys / agora.cgi	3.2d	3.2d.x
steve_kneizys / agora.cgi	3.2p	3.2p.x
steve_kneizys / agora.cgi	3.2j	3.2j.x
steve_kneizys / agora.cgi	3.2ja	3.2ja.x
steve_kneizys / agora.cgi	3.2e	3.2e.x
steve_kneizys / agora.cgi	4.0b	4.0b.x
steve_kneizys / agora.cgi	3.2g	3.2g.x
steve_kneizys / agora.cgi	3.2b	3.2b.x
steve_kneizys / agora.cgi	3.3f	3.3f.x
steve_kneizys / agora.cgi	3.2m	3.2m.x
steve_kneizys / agora.cgi	3.3i	3.3i.x
steve_kneizys / agora.cgi	4.0	4.0.x
steve_kneizys / agora.cgi	3.2a	3.2a.x
steve_kneizys / agora.cgi	3.2q	3.2q.x
steve_kneizys / agora.cgi	3.3a	3.3a.x
steve_kneizys / agora.cgi	4.0a	4.0a.x
steve_kneizys / agora.cgi	3.2i	3.2i.x
steve_kneizys / agora.cgi	3.2n	3.2n.x
steve_kneizys / agora.cgi	3.2h	3.2h.x
steve_kneizys / agora.cgi	3.2c	3.2c.x
steve_kneizys / agora.cgi	3.3d	3.3d.x
steve_kneizys / agora.cgi	4.0c	4.0c.x

Vulnerability Database

308,681

CVE-2002-0215

Deep Security Visibility Without the Complexity