CVE-2006-4907

Name of the Vulnerable Software and Affected Versions OSU versions 3.10a and 3.11alpha

Description The issue allows remote attackers to obtain sensitive information via a URL to a non-existent file. This results in the web root path being displayed in the error message.

Recommendations For OSU version 3.10a, update to a version that does not display the web root path in error messages. For OSU version 3.11alpha, update to a version that does not display the web root path in error messages. As a temporary workaround, consider configuring the error handling to not display sensitive information, such as the web root path, until a patch is available.