Description
Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
Remediation
References
Related Vulnerabilities
WordPress Plugin Multi Plugin Installer Arbitrary File Disclosure (1.1.0)
Magento Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-8707)
Moodle Insufficient Verification of Data Authenticity Vulnerability (CVE-2023-5548)
Ruby on Rails Improper Input Validation Vulnerability (CVE-2014-0082)