Description
VisNetic WebSite 3.5 allows remote attackers to obtain the full pathname of the server via a request containing a folder that does not exist, which leaks the pathname in an error message, as demonstrated using _vti_bin/fpcount.exe.
References (5)
Core 5
Core References
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=105733894003737&w=2
Various Sources x_refsource_misc
http://www.krusesecurity.dk/advisories/vis0103.txt
Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/8075
Exploit, Patch, Vendor Advisory mailing-list
x_refsource_vulnwatch
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0002.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/12483
Scores
EPSS
0.0276
EPSS Percentile
84.6%
Details
CWE
CWE-200
Status
published
Products (3)
deerfield/visnetic_website
3.5.13
deerfield/visnetic_website
3.5.15
deerfield/visnetic_website
3.5.17
Published
Aug 18, 2003
Tracked Since
Feb 18, 2026