Citrix Nfuse 1.51 allows remote malicious users to obtain the absolute path of the web root via a malformed request to launch.asp that does not provide the session field.
source: wwwsecurityfocuscom/bid/2956/info
Citrix Nfuse is an application portal server meant to provide the functionality of any application on the server via a web browser Nfuse works in conjunction with a previously-installed webserver
It has been reported that a remote attacker can learn the location of the webroot simply by submitt ...