By requesting a page that doesn't exist, one or more fully qualified path names were found on the response. From this information the attacker may learn the file system structure from the web server. This information can be used to conduct further attacks.
This information should not be available to the user. You need to configure your server (or the web application) not to return this information.