Forum

SSL issue Backup file disclosure

Samir Sikander, modified 10 years ago.

SSL issue Backup file disclosure

New Member Posts: 1 Join Date: 21/03/14 Recent Posts
I got feedback from a security vulnerabilities company that my portal has the below issue.
The Portal is hosted on Tomcat 6.x

Description: Backup Files Disclosure

Synopsis: It is possible to retrieve file backups from the remote web server.

Impact: By appending various suffixes (ie: .old, .bak, ~, etc...) to the names of various files on the remote host, it seems possible to retrieve their contents, which may result in disclosure of sensitive information.

https://xxx.xxx.xxx.xxx/web/guest/abc~

Thank you
David H Nebinger, modified 10 years ago.

RE: SSL issue Backup file disclosure

Liferay Legend Posts: 14919 Join Date: 02/09/06 Recent Posts
And this would be a false positive. The portal URLs are all virtual, hell they don't go to specific files really at all, it's all handled by the portal.

If you were actually to try any of these extensions, you'll find that you get no result at all.
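
One way to confirm whether such a finding is a false positive, as an added example that is not part of the original thread: compare the response for each suffixed URL with the response for a control URL that cannot exist. The `fetch` interface, the two stand-in servers, and the `example.test` hostnames and file names are constructed assumptions so the check runs offline.

```python
import difflib
import uuid

SUFFIXES = (".old", ".bak", "~")  # suffixes named in the scanner finding

def similar(a, b, threshold=0.9):
    """True when two bodies differ only by small dynamic parts (tokens, timestamps)."""
    return difflib.SequenceMatcher(None, a, b).ratio() >= threshold

def triage(base_url, fetch, suffixes=SUFFIXES):
    """Compare each suffixed URL with a control URL that cannot exist.

    fetch(url) -> (status, body_text) is supplied by the caller (hypothetical
    interface). A suffixed URL answered like the control is generic handling
    by the server, not a retrieved backup file.
    """
    c_status, c_body = fetch(base_url + "." + uuid.uuid4().hex)
    verdicts = {}
    for suffix in suffixes:
        status, body = fetch(base_url + suffix)
        if status >= 400 or not body:
            verdicts[suffix] = "not served"
        elif status == c_status and similar(body, c_body):
            verdicts[suffix] = "false positive"
        else:
            verdicts[suffix] = "review manually"
    return verdicts

# Constructed stand-ins for two servers, so the example runs offline.
def virtual_portal(url):
    # Every unknown path gets the same rendered page with a per-request token.
    token = uuid.uuid4().hex[:8]
    return 200, ("<html><body>The requested resource was not found on this "
                 "portal.<input name='token' value='" + token + "'></body></html>")

def file_server(url):
    # Serves one leftover editor backup; everything else is a 404.
    if url.endswith("/settings.php.bak"):
        return 200, "<?php $db_password = 'constructed-sample'; ?>"
    return 404, ""

PORTAL = triage("https://portal.example.test/web/guest/abc", virtual_portal)
FILES = triage("https://files.example.test/settings.php", file_server)
```

A "review manually" verdict means only that the response differs from the control; the body still has to be read to decide whether it discloses anything sensitive.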