Apache Tomcat Web Root Path Disclosure Vulnerability
do anyone know that any fix is available for this vulnerability
my tomcat version is 5.0.28
java 1.4
more details my scan result
----------------
A vulnerability was reported for Apache Tomcat Version 4.0.3 on a Microsoft Windows platform. Reportedly, it is possible for a remote malicious user to make requests that will result in Apache Tomcat returning an error page containing information that includes the absolute path to the server's Web root.
For example, submitting a request to Tomcat for LPT9 results in the following error message: "java.io.FileNotFoundException: C:Program FilesApache Tomcat 4.0webappsROOTlpt9 (The system cannot find the file specified)".
IMPACT:
A malicious user can obtain the absolute path of the Web server root directory, which could aid in further attacks against the host.
SOLUTION:
A fix has not been released. Please check Apache's Web site for more information.
my application runs well without any problem but this was the scan result submitted by my security people