icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Resin < 2.1s020604 MS-DOS Device Path Disclosure

Medium

Synopsis

The remote web server may disclosure the physical path of the remote web root when asked for a special MS-DOS device as, for instance, lpt9.xtp.

Description

The remote web server may disclosure the physical path of the remote web root when asked for a special MS-DOS device as, for instance, lpt9.xtp. An attacker may use this flaw to gain more knowledge about this host.

Solution

Upgrade to the Resin 2.1s020604 or higher.