Security bug
Sagar Gaikwad
sagargaikwad4385 at gmail.com
Tue Apr 3 06:50:39 EDT 2018
Bug: Directory traversal
URL'S:
http://planet.pidgin.im/images/
http://planet.pidgin.im/shared/
http://planet.pidgin.im/shared/css/
http://planet.pidgin.im/shared/img/
http://planet.pidgin.im/shared/img/screens/
http://planet.pidgin.im/shared/js/
http://planet.pidgin.im/shared/js/ie7/
Issue description
Web servers can be configured to automatically list the contents of
directories that do not have an index page present. This can aid an
attacker by enabling them to quickly identify the resources at a given
path, and proceed directly to analyzing and attacking those resources. It
particularly increases the exposure of sensitive files within the directory
that are not intended to be accessible to users, such as temporary files
and crash dumps.
Directory listings themselves do not necessarily constitute a security
vulnerability. Any sensitive resources within the web root should in any
case be properly access-controlled, and should not be accessible by an
unauthorized party who happens to know or guess the URL. Even when
directory listings are disabled, an attacker may guess the location of
sensitive files using automated tools.
Issue remediation
There is not usually any good reason to provide directory listings, and
disabling them may place additional hurdles in the path of an attacker.
This can normally be achieved in two ways:
- Configure your web server to prevent directory listings for all paths
beneath the web root;
- Place into each directory a default file (such as index.htm) that the
web server will display instead of returning a directory listing.
Vulnerability classifications
- CWE-538: File and Directory Information Exposure
<https://cwe.mitre.org/data/definitions/538.html>
- CWE-548: Information Exposure Through Directory Listing
<https://cwe.mitre.org/data/definitions/548.html>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pidgin.im/cgi-bin/mailman/private/security/attachments/20180403/c1dc8365/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 2.PNG
Type: image/png
Size: 71074 bytes
Desc: not available
URL: <https://pidgin.im/cgi-bin/mailman/private/security/attachments/20180403/c1dc8365/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 1.PNG
Type: image/png
Size: 18031 bytes
Desc: not available
URL: <https://pidgin.im/cgi-bin/mailman/private/security/attachments/20180403/c1dc8365/attachment-0003.png>
More information about the security
mailing list