Mozilla Bonsai 1.3 - Full Path Disclosure

EDB-ID:

21730




Platform:

CGI

Date:

2002-08-20


source: https://www.securityfocus.com/bid/5517/info

A path disclosure vulnerability has been reported in Mozilla Bonsai.

An attacker can exploit this vulnerability by making a malformed request to Bonsai. This causes Bonsai to return an error page to the requesting user. This error page will contain the absolute path information about the requested file.

/bonsai/cvsview2.cgi
/bonsai/multidiff.cgi