漏洞类别:Web server漏洞等级: 
漏洞信息
O'Reilly & Associates Website Professional is a Web server designed for Windows environments. It's possible for a remote attacker to disclose the physical path to the root directory on a machine with Website Professional installed. By requesting a specially crafted URL appended with '/:/', a malicious user will cause the system to return a 403 Forbidden error message with the physical path to the root.
漏洞危害
Successful exploitation of this vulnerability could lead to the disclosure of sensitive information, which could possibly aid in further attacks against the host.
解决方案
For the latest information on patches or upgrades, visit the Deerfield Web site.
0day
文章评论