htsearch program in htDig 3.2 beta, 3.1.6, 3.1.5, and previous versions allows remote malicious users to determine the physical path of the server by requesting a non-existent configuration file using the config parameter, which generates an error message that includes the full path.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
htdig project htdig |
||
htdig project htdig 3.2.0 |