I ran my Nessus home version today and one of the vulnerabilities on my MBP
was the following:

Nonexistent Page (404) Physical Path Disclosure

*Description*

The remote web server reveals the physical path of the webroot when asked
for a non-existent page.


While printing errors to the output is useful for debugging applications,
this feature should be disabled on production servers.

*Plugin Output*


*10.0.1.5*

1

Port: 80 / tcp
Service: www

  URL                 : http://10.0.1.5/niet1868883352.cfm
  Path Disclosed      : /Library/WebServer/Documents/
  Response Snippet    :

------------------------------ snip ------------------------------
CERT_SERVER_SUBJECT=
CERT_SUBJECT=
CF_TEMPLATE_PATH=/Library/WebServer/Documents/niet1868883352.cfm
CONTENT_LENGTH=0
CONTENT_TYPE=
------------------------------ snip ------------------------------

My question is, should I be concerned? I googled the nietxxxxxx.cfm and no
results were found. The only things in the path are a phpinfo.php page and
an index.html.en file.


Thanks,

Bruce
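
An added example, not part of the original post and not the Nessus plugin's own logic: a check an administrator can run against their own server's response to a request for a made-up page, to confirm whether the webroot leaks and whether a fix removed it. The function name `find_path_disclosure` is hypothetical, and the sample input is built from the URL and response snippet in the report above.

```python
import re
from urllib.parse import urlparse

# Constructed sample: the probe URL and response snippet from the report above.
SAMPLE_URL = "http://10.0.1.5/niet1868883352.cfm"
SAMPLE_BODY = "\n".join([
    "CERT_SERVER_SUBJECT=",
    "CERT_SUBJECT=",
    "CF_TEMPLATE_PATH=/Library/WebServer/Documents/niet1868883352.cfm",
    "CONTENT_LENGTH=0",
    "CONTENT_TYPE=",
])

# Absolute Unix or Windows path; the lookbehind skips slashes inside URLs.
ABS_PATH = re.compile(r"(?<![A-Za-z0-9:/])(?:[A-Za-z]:[\\/]|/)[^\s\"'<>=]*")


def find_path_disclosure(url, body):
    """Return (variable, webroot) pairs for filesystem paths in `body`
    that end with the path requested in `url`.

    A clean 404 page may echo the requested URL path, but it must not
    prefix it with a directory on the server's disk.
    """
    requested = urlparse(url).path
    if requested in ("", "/"):
        return []  # nothing distinctive to look for
    findings = []
    for line in body.splitlines():
        for m in ABS_PATH.finditer(line):
            path = m.group(0).replace("\\", "/")
            if path.endswith(requested) and len(path) > len(requested):
                prefix = line[:m.start()]
                # KEY=VALUE dumps (as in the snippet) name the leaking variable.
                variable = prefix.split("=")[0].strip() if "=" in prefix else None
                webroot = path[: -len(requested)] + "/"
                findings.append((variable, webroot))
    return findings


if __name__ == "__main__":
    for variable, webroot in find_path_disclosure(SAMPLE_URL, SAMPLE_BODY):
        print(f"webroot {webroot} disclosed via {variable or 'response body'}")
```

An empty result for the same probe after disabling debug output on the server indicates the 404 response no longer carries the physical path.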

