Description
htsearch program in htDig 3.2 beta, 3.1.6, 3.1.5, and earlier allows remote attackers to determine the physical path of the server by requesting a non-existent configuration file using the config parameter, which generates an error message that includes the full path.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/4366
Third Party Advisory vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10526
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/7367
Broken Link x_refsource_misc
http://www.securiteam.com/exploits/htDig_reveals_web_server_configuration_paths.html
Scores
EPSS
0.0305
EPSS Percentile
85.8%
Details
CWE
CWE-209
Status
published
Products (2)
htdig_project/htdig
3.2.0 beta1
htdig_project/htdig
< 3.1.6
Published
Aug 31, 2001
Tracked Since
Feb 18, 2026