bonsai Mozilla CVS query tool leaks the absolute pathname of the tool in certain error messages generated by (1) cvslog.cgi, (2) cvsview2.cgi, or (3) multidiff.cgi.
Rémi Perrot fixed several security-related bugs in the bonsai, the
Mozilla CVS query tool by web interface. Vulnerabilities include
arbitrary code execution, cross-site scripting and access to
configuration parameters. The Common Vulnerabilities and Exposures
project identifies the following problems:
CAN-2003-0152 - Remote execution of arbitrar ...
source: www.securityfocus.com/bid/5517/info
A path disclosure vulnerability has been reported in Mozilla Bonsai.
An attacker can exploit this vulnerability by making a malformed request to Bonsai. This causes Bonsai to return an error page to the requesting user. This error page will contain the absolute path information about the requeste ...