Description
Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
Remediation
References
Related Vulnerabilities
XWiki Exposure of Resource to Wrong Sphere Vulnerability (CVE-2023-37911)
PHP Use After Free Vulnerability (CVE-2016-9138)
osCommerce Incorrect Comparison Vulnerability (CVE-2020-23360)
Oracle JRE CVE-2013-5814 Vulnerability (CVE-2013-5814)
WordPress Plugin Mobile Device Detection by 51Degrees Cross-Site Scripting (3.1.5.2)