Summary #

Netsparker identified a possible Internal Path Disclosure (Windows) in the document.

Impact #
There is no direct impact, however this information can help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities.
Remediation #
Ensure this is not a false positive. Due to the nature of the issue, Netsparker could not confirm that this file path was actually the real file path of the target web server.
  • Error messages should be disabled.
  • Remove this kind of sensitive data from the output.
Classifications #
CAPEC-118, CWE-200, HIPAA-200, ISO27001-A.8.1.1, WASC-13, OWASP PC-C7
Vulnerability Index

Vulnerability Index

You can search and find all vulnerabilities

OR

Search Vulnerability

Netsparker

Dead accurate, fast & easy-to-use Web Application Security Scanner

GET A DEMO