Re: Coldfusion Path Disclosure Vulnerability, Help Required

[Clinton Moore <clintonmoore () gmail com>]

Most web servers install to a default path.  If an attacker could
glean the physical path of the web server, then one could assume you
used the default installation of "web server X version Y" and work
from there on known issues with your particular server.  Also, just as
a basic rule the less information you give out the better.  I am sure
there are other reasons, but none pop out at me at the moment.

-Clint