150004 Path-Based Vulnerability - possible false detection?
I ran the Qualys scan recently and it reported 10 counts of path disclosure. The vulnerability is showing up because we are getting a response of 200 when hitting any URL within our site.
If you are logged in before attempting to access one of the vulnerable sites listed by Qualys it returns a 404 because the site doesn't exist.
Example of the 404
If you aren't logged in before attempting to access one of the above sites, it returns a 200 and redirects you to our single sign-on page so that the user can log in before attempting to redirect the user to the site they requested, which will in turn return a 404.
Example of the 200 redirected to CAMS/Single Sign On
Is this possibly a false positive?
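One way to triage findings like those described in the post, as an added example that is not part of the original post: compare each flagged path's unauthenticated response with the response for a path known not to exist. The hostname, paths and HTML are constructed, and `Resp`, `same_page` and `triage` are hypothetical names.

```python
from dataclasses import dataclass
from difflib import SequenceMatcher
from urllib.parse import urlsplit

@dataclass
class Resp:
    path: str        # path requested without a session
    status: int      # final status after following redirects
    final_url: str   # URL the client ended up on
    body: str

def same_page(a: Resp, b: Resp, threshold: float = 0.9) -> bool:
    """True when both requests ended on the same page (e.g. the login form)."""
    if a.status != b.status:
        return False
    if urlsplit(a.final_url).path != urlsplit(b.final_url).path:
        return False
    # Drop the reflected request path so "next=/x" does not skew the ratio.
    ta, tb = a.body.replace(a.path, ""), b.body.replace(b.path, "")
    return SequenceMatcher(None, ta, tb).ratio() >= threshold

def triage(findings: list, baseline: Resp) -> dict:
    """Label each flagged path against the response for a path that is
    known not to exist: 'catch-all' means the same login page came back."""
    return {r.path: ("catch-all" if same_page(r, baseline) else "review")
            for r in findings}

# Constructed sample data: host, paths and HTML are placeholders.
LOGIN = "<html><title>Sign in</title><form action='/sso/login'>next={}</form></html>"

def login_resp(path: str) -> Resp:
    return Resp(path, 200, "https://app.example/sso/login?next=" + path,
                LOGIN.format(path))

BASELINE = login_resp("/zz-9f3a1c-none")      # random path that cannot exist
FINDINGS = [
    login_resp("/backup/"),
    login_resp("/old/"),
    # Served directly without a login redirect: needs a manual look.
    Resp("/static/notes.txt", 200, "https://app.example/static/notes.txt",
         "deployment notes"),
]

if __name__ == "__main__":
    for path, verdict in triage(FINDINGS, BASELINE).items():
        print(f"{verdict:9} {path}")
```

Paths labelled `catch-all` returned the same page as the nonexistent baseline, so their 200 says nothing about whether the path exists; anything labelled `review` answered differently and should be checked by hand.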