Summary #

Invicti identified a possible Internal Path Disclosure (Windows) in the document.

Impact #
There is no direct impact, however this information can help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities.
Remediation #
Ensure this is not a false positive. Due to the nature of the issue, Netsparker could not confirm that this file path was actually the real file path of the target web server.
  • Error messages should be disabled.
  • Remove this kind of sensitive data from the output.
Classifications #
CAPEC-118; CWE-200; HIPAA-164.306(a), 164.308(a); ISO27001-A.8.1.1; WASC-13; OWASP PC-C7
Vulnerability Index

Vulnerability Index

You can search and find all vulnerabilities


Search Vulnerability


Dead accurate, fast & easy-to-use Web Application Security Scanner

Get a demo