Reported July 17, 2002, by Peter Gründl.
Jigsaw Web Server 2.2.1 for Windows 2000
An information-disclosure vulnerability exists in Jigsaw Web server 2.2.1 for Windows 2000. An attacker who requests “/aux” through HTTP two times can cause the Web server to display an error message containing the physical path to the Web root.
Discovered by Peter Gründl.