Forums

SSL issue Backup file disclosure

Samir Sikander, modified 10 years ago

SSL issue Backup file disclosure

New Member Posts: 1 Join Date: 2014.03.21. Recent Posts
I got feedback from a security vulnerabilities company that my portal has the below issue.
The Portal is hosted on Tomcat 6.x

Description: Backup Files Disclosure

Synopsis: It is possible to retrieve file backups from the remote web server.

Impact: By appending various suffixes (ie: .old, .bak, ~, etc...) to the names of various files on the remote host, it seems possible to retrieve their contents, which may result in disclosure of sensitive information.

https://xxx.xxx.xxx.xxx/web/guest/abc~

Thank you
David H Nebinger, modified 10 years ago

RE: SSL issue Backup file disclosure

Liferay Legend Posts: 14919 Join Date: 2006.09.02. Recent Posts
And this would be a false positive. The portal URLs are all virtual, hell they don't go to specific files really at all, it's all handled by the portal.

If you were actually to try any of these extensions, you'll find that you get no result at all.
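
One way to check the false-positive claim in the reply above, as an added example that is not part of the original thread: compare the response for the reported URL with a control request that uses a random suffix no backup tool would create. The `Response` type, the `triage` function, the 0.9 similarity threshold and the sample responses are all constructed for illustration.

```python
import difflib
from dataclasses import dataclass


@dataclass
class Response:
    status: int
    body: str


def similar(a: Response, b: Response, threshold: float = 0.9) -> bool:
    """Same status and near-identical body (tolerates per-request tokens)."""
    if a.status != b.status:
        return False
    return difflib.SequenceMatcher(None, a.body, b.body).ratio() >= threshold


def triage(suffixed: Response, control: Response) -> str:
    """Classify a scanner's backup-file finding.

    suffixed: response for the reported URL, e.g. .../web/guest/abc~
    control:  response for the same path plus a random suffix that no
              editor or backup tool would ever create
    """
    if suffixed.status >= 400 or not suffixed.body.strip():
        return "false-positive: no content returned"
    if similar(suffixed, control):
        # The server answers every suffix the same way, so the URL is
        # routed virtually and does not map to a file on disk.
        return "false-positive: generic response for any suffix"
    return "needs-review: suffixed URL returns distinct content"


# Constructed sample responses (not captured from a real portal).
PORTAL_PAGE = "<html><body>Page not found <input name='token' value='%s'></body></html>"
not_found = Response(404, "")
virtual_a = Response(200, PORTAL_PAGE % "a81f")   # reported URL
virtual_b = Response(200, PORTAL_PAGE % "c07d")   # control URL
real_leak = Response(200, "jdbc.default.password=CONSTRUCTED-PLACEHOLDER\n")

if __name__ == "__main__":
    print(triage(not_found, not_found))
    print(triage(virtual_a, virtual_b))
    print(triage(real_leak, virtual_b))
```

Only the `needs-review` outcome indicates that the suffixed URL serves something the portal does not serve for arbitrary paths, which is the case the scanner's finding is meant to catch.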