Summary
Your web server reveals the physical path of the webroot when asked for a non-existent page.
Whilst printing errors to the output is useful for debugging applications, this feature should not be enabled on production servers.
Solution
Upgrade your server or reconfigure it
Severity
Classification
-
CVE CVE-2001-1372, CVE-2003-0456 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
- Apache Solr XML External Entity(XXE) Vulnerability-01 Jan-14
- AMSI 'file' Parameter Directory Traversal Vulnerability
- Adobe ColdFusion Multiple Cross Site Scripting Vulnerabilities
- 1024 CMS 1.1.0 Beta 'force_download.php' Local File Include Vulnerability