CVE-2003-0456

VisNetic WebSite 3.5 - Info Disclosure

Title source: llm
STIX 2.1

Description

VisNetic WebSite 3.5 allows remote attackers to obtain the full pathname of the server via a request containing a folder that does not exist, which leaks the pathname in an error message, as demonstrated using _vti_bin/fpcount.exe.

References (5)

Core 5
Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=105733894003737&w=2
Various Sources x_refsource_misc
http://www.krusesecurity.dk/advisories/vis0103.txt
Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/8075
Exploit, Patch, Vendor Advisory mailing-list x_refsource_vulnwatch
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0002.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/12483

Scores

EPSS 0.0276
EPSS Percentile 84.6%

Details

CWE
CWE-200
Status published
Products (3)
deerfield/visnetic_website 3.5.13
deerfield/visnetic_website 3.5.15
deerfield/visnetic_website 3.5.17
Published Aug 18, 2003
Tracked Since Feb 18, 2026