TUCoPS :: Web :: Servers :: hsweb1.htm

HSWeb Webserver - discover physical path of web root 
Vulnerability

    HSWeb Webserver

Affected

    HSWeb Webserver 2.0

Description

    Joe  Testa  found  following.   Any  remote  user can discover the
    physical path of the web root if directory browsing is enabled.

    If directory browsing is enabled, then going to the following URL:

        http://localhost/cgi/

    will cause HSWeb to respond with:

        Directory listing of d:\hs\WWWRoot\cgi\

        Type   File Name          Size  Last Modified

        [DIR]  Parent Directory   -     Sun. 28 Jan 2001 10:38:08 GMT

Solution

    Turn off directory browsing.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2025 AOH