SSL issue Backup file disclosure
Samir Sikander, modified 10 years ago
SSL issue Backup file disclosure
New Member Posts: 1 Join Date: 2014.03.21.
I got feedback from a Security Vulnerabilities company that my portal has the below issue.
The Portal is hosted on Tomcat 6.x
Description: Backup Files Disclosure
Synopsis: It is possible to retrieve file backups from the remote web server.
Impact: By appending various suffixes (ie: .old, .bak, ~, etc...) to the names of various files on the remote host, it seems possible to retrieve their contents, which may result in disclosure of sensitive information.
https://xxx.xxx.xxx.xxx/web/guest/abc~
Thank you
David H Nebinger, modified 10 years ago
RE: SSL issue Backup file disclosure
Liferay Legend Posts: 14919 Join Date: 2006.09.02.
And this would be a false positive. The portal URLs are all virtual, hell they don't go to specific files really at all, it's all handled by the portal.
If you were actually to try any of these extensions, you'll find that you get no result at all.
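One way to triage a finding like this on your own server, as an added example that is not part of the original thread: compare what each suffixed URL returns with what a random, certainly nonexistent name returns. The `fetch` callable and the two stand-in servers are assumptions constructed for illustration, not real Liferay or Tomcat output.

```python
import hashlib
import uuid

SUFFIXES = (".old", ".bak", "~")  # suffixes named in the scanner report

def fingerprint(status, body, requested):
    # Error pages often echo the requested path; mask it so two responses
    # that differ only by that echo compare equal.
    masked = body.replace(requested.encode(), b"<PATH>")
    return status, hashlib.sha256(masked).hexdigest()

def triage(fetch, path, suffixes=SUFFIXES):
    """fetch(path) -> (status, body_bytes). Returns {url_path: verdict}."""
    # Control request: a random name that cannot be a backup of anything.
    control_path = path + "-" + uuid.uuid4().hex
    control = fingerprint(*fetch(control_path), control_path)
    verdicts = {}
    for suffix in suffixes:
        candidate = path + suffix
        status, body = fetch(candidate)
        if status >= 400:
            verdicts[candidate] = "not served"
        elif fingerprint(status, body, candidate) == control:
            # Same answer as for a name that cannot exist: the application
            # routes every path itself, no file was read from disk.
            verdicts[candidate] = "false positive"
        else:
            verdicts[candidate] = "review"
    return verdicts

# Constructed stand-ins for two servers (hypothetical behaviour).
def virtual_portal(path):
    if path == "/web/guest/abc":
        return 200, b"<html>abc page</html>"
    return 200, b"<html>Page " + path.encode() + b" was not found</html>"

def static_server(path):
    files = {"/conf/app.xml": b"<rendered/>",
             "/conf/app.xml~": b"<db password='constructed-sample'/>"}
    if path in files:
        return 200, files[path]
    return 404, b"Not Found"
```

Exact hashing assumes the body is stable between requests; pages that embed tokens or timestamps need those masked as well before comparing.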