CVE-2003-0456

Name of the Vulnerable Software and Affected Versions: VisNetic WebSite version 3.5

Description: The issue allows remote attackers to obtain the full pathname of the server. This is achieved by sending a request that contains a folder that does not exist, which in turn leaks the pathname in an error message. For example, this can be demonstrated using a request to vti bin/fpcount.exe.

Recommendations: For VisNetic WebSite version 3.5, consider restricting access to the vti bin directory to minimize the risk of exploitation. Additionally, as a temporary workaround, avoid using the fpcount.exe executable until a patch is available or the issue is otherwise resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.