| VID |
21181 |
| Severity |
20 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
It was possible to obtain the physical location of a virtual web directory of this host by issuing the command :
GET /scripts/no-such-file.pl HTTP/1.0
An attacker may use this flaw to gain more information about the host, and hence make more focused attacks.
* References:
http://www.securityfocus.com/bid/194 |
| Recommendation |
Use perlis.dll instead of perl.exe, and use the latest version of perlis.dll. |
| Related URL |
CVE-1999-0450 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
