2006-09-21 00:00:00
mitre
PUBLISHED
OSU 3.11alpha and 3.10a allows remote attackers to obtain sensitive information via a URL to a non-existent file, which displays the web root path in the resulting error message.