Security Basics mailing list archives
Re: Coldfusion Path Disclosure Vulnerability, Help Required
From: Clinton Moore <clintonmoore () gmail com>
Date: Fri, 4 Mar 2005 17:49:32 -0500
Most web servers install to a default path. If an attacker could glean the physical path of the web server, then one could assume you used the default installation of "web server X version Y" and work from there on known issues with your particular server. Also, just as a basic rule the less information you give out the better. I am sure there are other reasons, but none pop out at me at the moment. -Clint
Current thread:
- Coldfusion Path Disclosure Vulnerability, Help Required Maverick The Techie (Feb 28)
- Re: Coldfusion Path Disclosure Vulnerability, Help Required Clinton Moore (Mar 07)