Sensitive data like "/usr/local/nagios/var/nagios.log" is seen on paged displayed with showlog.cgi
One or more fully qualified path names were found on this page.
From this information the attacker may learn the file system structure from the web server. This information can be used to conduct further attacks.
please prevent this information and others from being displayed to the user .
Possible server path disclosure on showlog.cgi
-
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: Possible server path disclosure on showlog.cgi
This would be behind basic authentication where only people with credentials could access.