Osu · Osu · CVE-2006-4907
**Name of the Vulnerable Software and Affected Versions**
OSU versions 3.10a and 3.11alpha
**Description**
The issue allows remote attackers to obtain sensitive information via a URL to a non-existent file. This results in the web root path being displayed in the error message.
**Recommendations**
For OSU version 3.10a, update to a version that does not display the web root path in error messages.
For OSU version 3.11alpha, update to a version that does not display the web root path in error messages.
As a temporary workaround, consider configuring the error handling to not display sensitive information, such as the web root path, until a patch is available.