Synopsis
The remote web application discloses path information.
Description
At least one web application hosted on the remote web server discloses the physical path to its directories when a malformed request is sent to it.
Leaking this kind of information may help an attacker fine-tune attacks against the application and its backend.
Solution
Filter error messages containing path information.
Plugin Details
File Name: web_path_leak.nasl
Supported Sensors: Nessus
Vulnerability Information
Required KB Items: Settings/enable_web_app_tests