ID de Prueba:	1.3.6.1.4.1.25623.1.0.11714
Categoría:	Web application abuses
Título:	Non-Existent Page Physical Path Disclosure Vulnerability (HTTP)
Resumen:	The remote web server is prone to an information disclosure; vulnerability.
Descripción:	Summary: The remote web server is prone to an information disclosure vulnerability. Vulnerability Insight: The remote web server reveals the physical path of the webroot when asked for a non-existent page. Whilst printing errors to the output is useful for debugging applications, this feature should not be enabled on production servers. Affected Software/OS: The following products are known to be vulnerable: - No CVE: Pi3Web version 2.0.0 - CVE-2001-1372: Oracle 9i Application Server 1.0.2 - CVE-2002-0266: Thunderstone Texis - CVE-2002-2008: Apache Tomcat 4.0.3 for Windows - CVE-2003-0456: VisNetic WebSite 3.5 Other products or versions might be affected as well. Solution: Update the server or reconfigure it. Please contact the vendor of the product for more info. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2001-1372 BugTraq ID: 3341 http://www.securityfocus.com/bid/3341 Bugtraq: 20010917 Yet another path disclosure vulnerability (Google Search) http://marc.info/?l=bugtraq&m=100074087824021&w=2 Bugtraq: 20010921 Response to "Path disclosure vulnerability in Oracle 9i and 8i (Google Search) http://marc.info/?l=bugtraq&m=100119633925473&w=2 http://www.cert.org/advisories/CA-2002-08.html CERT/CC vulnerability note: VU#278971 http://www.kb.cert.org/vuls/id/278971 http://www.nii.co.in/research.html XForce ISS Database: oracle-jsp-reveal-path(7135) https://exchange.xforce.ibmcloud.com/vulnerabilities/7135 Common Vulnerability Exposure (CVE) ID: CVE-2002-0266 BugTraq ID: 4035 http://www.securityfocus.com/bid/4035 Bugtraq: 20020206 texis(CGI) Path Disclosure Vulnerability (Google Search) http://marc.info/?l=bugtraq&m=101301228031165&w=2 Bugtraq: 20020211 Re: texis(CGI) Path Disclosure Vulnerability (Google Search) http://marc.info/?l=bugtraq&m=101346478229431&w=2 http://www.iss.net/security_center/static/8103.php Common Vulnerability Exposure (CVE) ID: CVE-2002-2008 BugTraq ID: 5054 http://www.securityfocus.com/bid/5054 Bugtraq: 20020619 KPMG-2002024: Apache Tomcat Path Disclosure (Google Search) http://archives.neohapsis.com/archives/bugtraq/2002-06/0225.html https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E http://www.iss.net/security_center/static/9394.php Common Vulnerability Exposure (CVE) ID: CVE-2003-0456 BugTraq ID: 8075 http://www.securityfocus.com/bid/8075 Bugtraq: 20030701 VisNetic WebSite Path Disclosure Vulnerability (Google Search) http://marc.info/?l=bugtraq&m=105733894003737&w=2 http://www.krusesecurity.dk/advisories/vis0103.txt http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0002.html XForce ISS Database: visnetic-website-path-disclosure(12483) https://exchange.xforce.ibmcloud.com/vulnerabilities/12483
Copyright	Copyright (C) 2003 Michel Arboi

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.