QwikSec

Security Database

CVE

CWE

Training

CVE-2000-1191

Published: Sep 12, 2001

Modified: Aug 8, 2024

PUBLISHED

Description

htsearch program in htDig 3.2 beta, 3.1.6, 3.1.5, and earlier allows remote attackers to determine the physical path of the server by requesting a non-existent configuration file using the config parameter, which generates an error message that includes the full path.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_BID

oval:org.mitre.oval:def:10526

vdb-entry

signature

x_refsource_OVAL

htdig-htsearch-path-disclosure(7367)

vdb-entry

x_refsource_XF

http://www.securiteam.com/exploits/htDig_reveals_web_server_configuration_paths.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.