Thunderstone TEXIS 3.0 - Full Path Disclosure

2002-02-06T00:00:00
ID EXPLOITPACK:EFADBC4BDB093B6E67087169B38D0543
Type exploitpack
Reporter phinegeek
Modified 2002-02-06T00:00:00

Description

Thunderstone TEXIS 3.0 - Full Path Disclosure

                                        
                                            source: https://www.securityfocus.com/bid/4035/info

A vulnerability in TEXIS allows an attacker to view the full path to the web root.

If the attacker submits an HTTP request for an invalid path, the server will return an error page containing the path to the web root. System information may also be revealed.

Versions prior to TEXIS 4.03.1049406926 20030403 are vulnerable. 

http://www.example.com/texis/nonexistent/path/