CVE-2000-1191
First published: Fri Aug 31 2001(Updated: )
htsearch program in htDig 3.2 beta, 3.1.6, 3.1.5, and earlier allows remote attackers to determine the physical path of the server by requesting a non-existent configuration file using the config parameter, which generates an error message that includes the full path.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ht://Dig | <=3.1.6 | |
| ht://Dig | =3.2.0-beta1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2000-1191?
CVE-2000-1191 has a medium severity, allowing attackers to identify the physical path of the server.
How do I fix CVE-2000-1191?
To fix CVE-2000-1191, upgrade htDig to version 3.2.0-beta2 or later.
What is the impact of CVE-2000-1191?
The impact of CVE-2000-1191 includes exposure of sensitive file system structure, potentially aiding in further attacks.
Which versions are affected by CVE-2000-1191?
CVE-2000-1191 affects htDig versions 3.1.5, 3.1.6, and 3.2 beta1.
Is CVE-2000-1191 still a concern today?
While older versions of htDig are less commonly used today, CVE-2000-1191 remains a concern for legacy systems still running affected software.
- agent/references
- agent/weakness
- agent/author
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- agent/severity
- vendor/htdig project
- canonical/ht://dig
- version/ht://dig/3.1.6
- version/ht://dig/3.2.0-beta1