FloosieTek FTGate Mail Server 1.2 - Full Path Disclosure

EDB-ID:

23914

CVE:

N/A




Platform:

CGI

Date:

2004-04-06


source: https://www.securityfocus.com/bid/10059/info

It has been reported that FTGate it prone to a server path disclosure vulnerability. This issue is due to an ill conceived error message that includes the server path.

These issues may be leveraged to gain sensitive information about the affected system potentially aiding an attacker in mounting further attacks. 

http://www.example.com/inbox/message.fts
http://www.example.com/inbox/message.fts?folder=Sent%20Items&id=test