Summary
An information disclosure vulnerability was reported in a sample script provided with Red Hat's Stronghold web server. A remote user can determine the web root directory path.
A remote user can send a request to the Stronghold sample script swish to cause the script to reveal the full path to the webroot directory.
Apparently, swish may also display system-specific information in the HTML returned by the script
Solution
remove it
Severity
Classification
-
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
- 2532|Gigs Directory Traversal And SQL Injection Multiple Vulnerabilities
- Aker Secure Mail Gateway Cross-Site Scripting Vulnerability
- Andy's PHP Knowledgebase Multiple Cross-Site Scripting Vulnerabilities
- Apache Open For Business HTML injection vulnerability