Snitz Forums 2000
 Path Revealing

pweighill
Junior Member

United Kingdom
453 Posts

Posted - 24 August 2002 :  09:23:35
Is Path Revealing a security problem or not? The Apache Web server team lists them that way.

quote:
From http://www.apache.org/dist/httpd/CHANGES_2.0

*) SECURITY: Close a path-revealing exposure in multiview type map negotiation (such as the default error documents) where the module would report the full path of the typemapped .var file when multiple documents or no documents could be served based on the mime negotiation.
*) SECURITY: Close a path-revealing exposure in cgi/cgid when we fail to invoke a script. The modules would report "couldn't create child process /path-to-script/script.pl" revealing the full path of the script.


If that is the case, then should whereami.asp be included with snitz?

Edited by - pweighill on 24 August 2002 11:40:43

Gremlin
General Help Moderator

New Zealand
7528 Posts

Posted - 24 August 2002 :  10:41:33
Perhaps instead of leaving it in the /forum folder it could be added to the tools.zip file? testemailcomponents could be put in there also.


Kiwihosting.Net - The Forum Hosting Specialists

Aaron S.
Average Member

USA
985 Posts

Posted - 24 August 2002 :  11:48:22
I definitely would delete it just as you would setup.asp in your production environment.


DOWNLOAD GREAT NEW MODS HERE

HuwR
Forum Admin

United Kingdom
20584 Posts

Posted - 24 August 2002 :  12:13:47
That really depends on the server; if it is set up correctly with the relevant permissions, revealing the physical location of the directory is not a security issue.
Go to Top of Page
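
Added example, not part of the thread or of Snitz: a heuristic check a site owner could run over their own pages' response bodies to spot the kind of path disclosure the Apache changelog entries describe. The function names, the sample bodies and the assumed output of a diagnostic page are constructed for illustration.

```python
import re

# Windows drive-letter paths (C:\dir\...) and UNC paths (\\server\share\...).
WINDOWS_PATH = re.compile(r"(?:\b[A-Za-z]:\\|\\\\[\w.$-]+\\)[^\s\"'<>|*?]+")
# Unix absolute paths with two or more components. The lookbehind skips URLs
# (http://host/a/b), relative paths (a/b/c) and quoted attributes (href="/a/b").
UNIX_PATH = re.compile(r"(?<![\w:/.\"'=])/(?:[\w.+-]+/)+[\w.+-]+")


def find_disclosed_paths(body):
    """Return filesystem-looking paths found in one response body."""
    hits = WINDOWS_PATH.findall(body) + UNIX_PATH.findall(body)
    # Drop sentence punctuation that trails a path in an error message.
    return [h.rstrip(".,;:)") for h in hits]


def audit(responses):
    """Map each URL to the paths its body discloses; clean URLs are omitted."""
    report = {}
    for url, body in responses.items():
        paths = find_disclosed_paths(body)
        if paths:
            report[url] = paths
    return report


# Constructed sample bodies. The first reuses the error text quoted from the
# Apache changelog; the second is an assumed shape for a diagnostic page,
# since the thread does not show what whereami.asp prints.
SAMPLES = {
    "/cgi-bin/script.pl": "couldn't create child process /path-to-script/script.pl",
    "/forum/whereami.asp": r"Physical path: D:\inetpub\wwwroot\forum\whereami.asp<br>",
    "/forum/default.asp": '<a href="/forum/faq.asp">FAQ</a> Posted 24/08/2002',
}

if __name__ == "__main__":
    for url, paths in audit(SAMPLES).items():
        print(url, "->", ", ".join(paths))
```

Root-relative links written in plain text (outside an attribute) will still be flagged, so treat the output as a list to review rather than a verdict.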