First published: Tue Jul 15 2003(Updated: )
VisNetic WebSite 3.5 allows remote attackers to obtain the full pathname of the server via a request containing a folder that does not exist, which leaks the pathname in an error message, as demonstrated using _vti_bin/fpcount.exe.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Deerfield VisNetic WebSite | =3.5.17 | |
Deerfield VisNetic WebSite | =3.5.15 | |
Deerfield VisNetic WebSite | =3.5.13 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.