Path Disclosure Vulnerability in VisNetic WebSite 3.5

Path Disclosure Vulnerability in VisNetic WebSite 3.5

CVE-2003-0456 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

VisNetic WebSite 3.5 allows remote attackers to obtain the full pathname of the server via a request containing a folder that does not exist, which leaks the pathname in an error message, as demonstrated using _vti_bin/fpcount.exe.

Learn more about our Web App Pen Testing.