Reported July 17, 2002, by Peter Gründl.
Resin Web and Application Server 2.1.1 and 2.1.2 for Windows 2000
An information-disclosure vulnerability exists in Resin 2.1.1 and 2.1.2 for Windows 2000 that can result in displaying the physical path to the Web root. By requesting certain disk operating system (DOS) devices, such as lpt9.xtp, an attacker can cause the server to display an error message with the path to Web root in the returned-error information.
Discovered by Peter Gründl.