Apache Cocoon 2.1.4 and below are vulnerable to an installation path disclosure.
Apache Cocoon 2.1.4
Apache Cocoon 1.7.1
Default error pages in various versions of the Apache Cocoon Java server reveal the file system path to the Cocoon installation directory.
These URLs will show the path to the Cocoon directory:
Set custom error pages which do not reveal system information.
Vendor was contacted on 3/13/2004.
Updated information can be found on OSVDB.org under the following entries:
OSVDB-4231Apache Cocoon Error Page Server Path Disclosure