Message Boards

SSL issue Backup file disclosure

Samir Sikander, modified 10 years ago.

New Member Posts: 1 Join Date: 14-3-21
I got feedback from a security vulnerabilities company that my portal has the below issue.
The portal is hosted on Tomcat 6.x.

Description: Backup Files Disclosure

Synopsis: It is possible to retrieve file backups from the remote web server.

Impact: By appending various suffixes (ie: .old, .bak, ~, etc...) to the names of various files on the remote host, it seems possible to retrieve their contents, which may result in disclosure of sensitive information.

https://xxx.xxx.xxx.xxx/web/guest/abc~

Thank you
David H Nebinger, modified 10 years ago.

RE: SSL issue Backup file disclosure

Liferay Legend Posts: 14919 Join Date: 06-9-2
And this would be a false positive. The portal URLs are all virtual, hell they don't go to specific files really at all, it's all handled by the portal.

If you were actually to try any of these extensions, you'll find that you get no result at all.
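
One way to confirm a scanner finding like this on your own server, as an added example (not code from this thread or from Liferay): compare the response for the flagged URL with a control request that uses a random suffix no backup file could have. The `Response`, `fetch` and `triage` names and the sample responses are assumptions constructed for illustration.

```python
import difflib
import urllib.error
import urllib.request
from dataclasses import dataclass


@dataclass
class Response:
    status: int
    body: str


def fetch(url: str) -> Response:
    """GET a URL on your own server; 4xx/5xx become a Response, not an exception."""
    try:
        with urllib.request.urlopen(url, timeout=10) as r:
            return Response(r.status, r.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as e:
        return Response(e.code, e.read().decode("utf-8", "replace"))


def similar(a: str, b: str, threshold: float = 0.9) -> bool:
    # Ratio instead of equality: portal pages embed tokens and timestamps.
    return difflib.SequenceMatcher(None, a, b).ratio() >= threshold


def triage(page: Response, flagged: Response, control: Response) -> str:
    """page: the real URL; flagged: URL + '~' (or .bak, .old);
    control: URL + a random suffix no backup file could have."""
    if flagged.status in (404, 410):
        return "not-served"
    if flagged.status == control.status and similar(flagged.body, control.body):
        return "false-positive"  # any suffix gets the same answer: no file lookup
    if flagged.status == 200 and not similar(flagged.body, page.body):
        return "likely-real"     # distinct content exists only under the backup name
    return "needs-review"


# Constructed sample responses (not captured from any real portal).
PAGE = Response(200, "<html><title>Welcome</title><body>guest home</body></html>")
NOT_FOUND = "<html><title>Status</title><body>The requested resource was not found.</body></html>"
# Virtual routing: the flagged URL and the control get the same portal-generated answer.
VIRTUAL = (PAGE, Response(200, NOT_FOUND), Response(200, NOT_FOUND))
# Static docroot with a leftover backup: only the backup name returns content.
STATIC = (PAGE, Response(200, "# backup copy\ndb.user=app\ndb.pass=CONSTRUCTED"), Response(404, NOT_FOUND))
```

With live requests, build the three arguments with `fetch()` against the real URL, the flagged URL and a control URL of your choosing.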