Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0456


Vulnerability Score 5.0 5.0
CVE Id CVE-2003-0456
Last Modified 05 Sep 2008 04:34:21
Published 18 Aug 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



VisNetic WebSite 3.5 allows remote attackers to obtain the full pathname of the server via a request containing a folder that does not exist, which leaks the pathname in an error message, as demonstrated using _vti_bin/fpcount.exe.

Vulnerable Systems


  • Deerfield Visnetic Website 3.5.13

  • Deerfield Visnetic Website 3.5.15

  • Deerfield Visnetic Website 3.5.17


BID - 8075

BUGTRAQ - 20030701 VisNetic WebSite Path Disclosure Vulnerability

XF - visnetic-website-path-disclosure(12483)


Last Updated: 27 May 2016 10:37:55