An information disclosure vulnerability exists in SharePoint Server. An attacker who exploited this vulnerability could read arbitrary files on the server.
To exploit the vulnerability, an attacker would need to send a specially crafted request to a susceptible SharePoint Server instance.
The update addresses the vulnerability by changing how affected APIs process requests.