Possible server path disclosure (Windows)

Description

Full Path Disclosure (FPD) vulnerabilities enable the attacker to gain the path that leads to the webroot/file.

Bussines Impact

The risks regarding FPD may produce many results. For example, if the webroot is getting leaked, attackers may abuse the knowledge and use it in combination with other vulnerabilities

Recommendation

To prevent this vulnerability from happening, we suggest that a generic message should be displayed stating that there is an error in the system and doesn’t hold any sensitive information.

Reference

https://owasp.org/www-community/attacks/Full_Path_Disclosure