Summary
Your web server reveals the physical path of the webroot when asked for a non-existent page.
Whilst printing errors to the output is useful for debugging applications, this feature should not be enabled on production servers.
Solution
Upgrade your server or reconfigure it
Severity
Classification
-
CVE CVE-2001-1372, CVE-2003-0456 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Adobe ColdFusion Multiple Vulnerabilities-03 May-2014
- Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
- Apache Struts Directory Traversal Vulnerability
- AjaXplorer Remote Command Injection and Local File Disclosure Vulnerabilities
- Apache ActiveMQ Source Code Information Disclosure Vulnerability