HSWeb 2.0 HTTP server allows remote attackers to obtain the physical path of the server via a request to the /cgi/ directory, which will list the path if directory browsing is enabled.Referenceshttp://archives.neohapsis.com/archives/bugtraq/2001-02/0052.htmlhttp://www.securityfocus.com/bid/2336
