Citrix Nfuse Web Root Absolute Path Disclosure Vulnerability

Vulnerability ID: 1106420 Vulnerability type: Unknown
Published: 2001-07-02 Updated: 2005-05-02
CVE ID: CVE-2001-0760
CNNVD-ID: CNNVD-200110-063
Platform: ASP CVSS score: 5.0
|Vulnerability source
https://www.exploit-db.com/exploits/20987
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200110-063
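|Vulnerability details
Citrix Nfuse 1.51 contains a vulnerability. A remote attacker can obtain the absolute path of the web root via a malformed request to launch.asp that does not supply the session field pairs.
|Vulnerability EXP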
source: http://www.securityfocus.com/bid/2956/info

Citrix Nfuse is an application portal server meant to provide the functionality of any application on the server via a web browser. Nfuse works in conjunction with a previously-installed webserver.

It has been reported that a remote attacker can learn the location of the webroot simply by submitting a request to the launcher application without specifying the additional required information. This has been reported to not be reliably replicable. 

http://target/path/launch.asp?
|References

Source: BID
Name: 2956
Link: http://www.securityfocus.com/bid/2956
Source: BUGTRAQ
Name: 20010702 Re: Nfuse reveals full path
Link: http://www.securityfocus.com/archive/1/194522
Source: BUGTRAQ
Name: 20010630 Nfuse reveals full path
Link: http://www.securityfocus.com/archive/1/194449
Source: XF
Name: citrix-nfuse-path-disclosure(6786)
Link: http://xforce.iss.net/static/6786.php
