漏洞类别:Web server漏洞等级: 
漏洞信息
WebSite Professional Versions 2.3 and 2.4, a Web server by O'Reilly, discloses it's absolute path. This vulnerability was detected by requesting a non-existent document. The server replied with an error message containing the absolute path of the Web server.
漏洞危害
The absolute path of the Web server can be used to implement further attacks.
解决方案
O'Reilly published the following Software Announcement on their Web site: "Effective August 20, 2001, WebSite Professional will be published by Deerfield.com. WebSite lead developer Bob Denny will continue development of the product, now named Deerfield WebSite.". It seems that Deerfield doesn't support WebsitePro anymore.
As a workaround, you can set up a customized error message.
0day
文章评论