Citrix Nfuse boilerplate.asp Web Root Disclosure Vulnerability

Citrix Nfuse is an application portal server meant to provide the functionality of any application on the server via a web browser. Nfuse works in conjunction with a previously-installed webserver.

It has been reported that a legitimate user of the service, can learn the location of the webroot. Submitting a specially crafted request via boilerplate.asp, could cause the host to return an error message containing the path to the web root.


 

Privacy Statement
Copyright 2010, SecurityFocus