htsearch program in htDig 3.2 beta, 3.1.6, 3.1.5, and earlier allows remote attackers to determine the physical path of the server by requesting a non-existent configuration file using the config parameter, which generates an error message that includes the full path.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-209,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| htdig_project | htdig | 3.2.0 |
| htdig_project | htdig | * |