Path Disclosure Vulnerability in htsearch Program in htDig

Path Disclosure Vulnerability in htsearch Program in htDig

CVE-2000-1191 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

htsearch program in htDig 3.2 beta, 3.1.6, 3.1.5, and earlier allows remote attackers to determine the physical path of the server by requesting a non-existent configuration file using the config parameter, which generates an error message that includes the full path.

Learn more about our Cis Benchmark Audit For Server Software.