PT-2002-1574 · Asp Nuke · Asp-Nuke
Published: 2002-06-11 · Updated: 2008-09-05 · CVE-2002-0524
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
ASP-Nuke versions RC2 and earlier
Description
The issue allows remote attackers to determine the absolute path of the server. This can be achieved by either calling the "database-inc.asp" endpoint with incorrect cookies or by calling the "Post.asp" endpoint with certain arguments, which results in the pathname being leaked in an error message.
Recommendations
For ASP-Nuke versions RC2 and earlier, consider restricting access to the "database-inc.asp" and "Post.asp" endpoints until a fix is available. As a temporary workaround, modify the error handling mechanism to prevent the disclosure of sensitive path information.
Fix
Related Identifiers
Affected Products
Asp-Nuke