Test ID:	1.3.6.1.4.1.25623.1.0.11714
Category:	Web application abuses
Title:	Non-Existent Page Physical Path Disclosure Vulnerability (HTTP)
Summary:	The remote web server is prone to an information disclosure; vulnerability.
Description:	Summary: The remote web server is prone to an information disclosure vulnerability. Vulnerability Insight: The remote web server reveals the physical path of the webroot when asked for a non-existent page. Whilst printing errors to the output is useful for debugging applications, this feature should not be enabled on production servers. Affected Software/OS: The following products are known to be vulnerable: - No CVE: Pi3Web version 2.0.0 - CVE-2001-1372: Oracle 9i Application Server 1.0.2 - CVE-2002-0266: Thunderstone Texis - CVE-2002-2008: Apache Tomcat 4.0.3 for Windows - CVE-2003-0456: VisNetic WebSite 3.5 Other products or versions might be affected as well. Solution: Update the server or reconfigure it. Please contact the vendor of the product for more info. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2001-1372 BugTraq ID: 3341 http://www.securityfocus.com/bid/3341 Bugtraq: 20010917 Yet another path disclosure vulnerability (Google Search) http://marc.info/?l=bugtraq&m=100074087824021&w=2 Bugtraq: 20010921 Response to "Path disclosure vulnerability in Oracle 9i and 8i (Google Search) http://marc.info/?l=bugtraq&m=100119633925473&w=2 http://www.cert.org/advisories/CA-2002-08.html CERT/CC vulnerability note: VU#278971 http://www.kb.cert.org/vuls/id/278971 http://www.nii.co.in/research.html XForce ISS Database: oracle-jsp-reveal-path(7135) https://exchange.xforce.ibmcloud.com/vulnerabilities/7135 Common Vulnerability Exposure (CVE) ID: CVE-2002-0266 BugTraq ID: 4035 http://www.securityfocus.com/bid/4035 Bugtraq: 20020206 texis(CGI) Path Disclosure Vulnerability (Google Search) http://marc.info/?l=bugtraq&m=101301228031165&w=2 Bugtraq: 20020211 Re: texis(CGI) Path Disclosure Vulnerability (Google Search) http://marc.info/?l=bugtraq&m=101346478229431&w=2 http://www.iss.net/security_center/static/8103.php Common Vulnerability Exposure (CVE) ID: CVE-2002-2008 BugTraq ID: 5054 http://www.securityfocus.com/bid/5054 Bugtraq: 20020619 KPMG-2002024: Apache Tomcat Path Disclosure (Google Search) http://archives.neohapsis.com/archives/bugtraq/2002-06/0225.html https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E http://www.iss.net/security_center/static/9394.php Common Vulnerability Exposure (CVE) ID: CVE-2003-0456 BugTraq ID: 8075 http://www.securityfocus.com/bid/8075 Bugtraq: 20030701 VisNetic WebSite Path Disclosure Vulnerability (Google Search) http://marc.info/?l=bugtraq&m=105733894003737&w=2 http://www.krusesecurity.dk/advisories/vis0103.txt http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0002.html XForce ISS Database: visnetic-website-path-disclosure(12483) https://exchange.xforce.ibmcloud.com/vulnerabilities/12483
Copyright	Copyright (C) 2003 Michel Arboi

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.