404 shouldn't reveal underlying file system structure in message

Description

Can we move the missing file path to detail?

Otherwise an attacker can just call a non existent file to expose the underlying file system structure.

i.e. https://download.lucee.org/404.cfm reveals the file system structure

If it's in detail, we can safely show the message to end users, omitting the detail

Environment

None

Assignee

Unassigned

Reporter

Zac Spitzer

Priority

New

Labels

None

Fix versions

None

Affects versions

Configure