The default configuration of NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to determine the path of the web root via a direct request to com.newatlanta.servletexec.JSP10Servlet without a filename, which leaks the pathname in an error message.
AV:N/AC:L/Au:N/C:P/I:N/A:N
04/10/2002
by New Atlanta Communications
22 years ago