Skip to main content

Generation of Error Message Containing Sensitive Information

CVE-2000-1191

Severity Medium
Score 5/10

Summary

htsearch program in htDig 3.2 beta, 3.1.6, 3.1.5, and earlier allows remote attackers to determine the physical path of the server by requesting a non-existent configuration file using the config parameter, which generates an error message that includes the full path.

  • LOW
  • NETWORK
  • NONE
  • NONE
  • PARTIAL
  • NONE

CWE-209 - Generation of Error Message Containing Sensitive Information

The software generates an error message that includes sensitive information about its environment, users, or associated data.

References

Advisory Timeline

  • Published