[原文]WebTrends Reporting Center 4.0d allows remote attackers to determine the real path of the web server via a GET request to get_od_toc.pl with an empty Profile parameter, which leaks the pathname in an error message.
WebTrends Reporting Center get_od_toc.pl Path Disclosure
Remote / Network Access
Loss of Confidentiality
WebTrends Reporting Center contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when calling the get_od_toc.pl script with an empty 'Profile' argument, which will display an error message disclosing real server path information resulting in a loss of confidentiality.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.