Web root exposure in HSWeb Webserver Overview HSWeb v2.0 is a webserver available from http://www.jeffheaton.com and http://www.download.com. Any remote user can discover the physical path of the web root if directory browsing is enabled. Details If directory browsing is enabled, then going to the following URL: http://localhost/cgi/ will cause HSWeb to respond with: Directory listing of d:\hs\WWWRoot\cgi\ Type File Name Size Last Modified [DIR] Parent Directory - Sun. 28 Jan 2001 10:38:08 GMT Solution Turn off directory browsing. Vendor Status The author of the program, Jeff Heaton, was notified via <[EMAIL PROTECTED]> on Sunday, January 28, 2001. No reply was received. - Joe Testa ( [EMAIL PROTECTED] )