View Issue Details

ID: 0015405
Project: phpList 3 application
Category: Security
View Status: public
Last Update: 12-07-19 13:04
Reporter: testbot
Priority: normal
Severity: feature
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: 2.10.10
Target Version:
Fixed in Version:
Summary: 0015405: Security issue with Version Number and Possible Probe
Description: This is a two-part issue. The first is only in theory, based on logs when the system was probed. The second is displaying the version number.

1. I see this returning a 200 response indicating it was possibly successful.
/?p=unsubscribe/admin/index.php?_SERVER[ConfigFile]=./../../../../../../../../../../../../../../../../etc/group HTTP Response 200

2. Version numbers for any software should never be visible to the public. It's a best practice because attackers can then find exploits based on the version you're running. I was able to strip most version numbers from my install but it turns out it's still on the 404 page. How can I remove the version from the 404 pages? All users should do this ASAP.

Side Note: I believe you should add a Security category to mantis.
Tags: No tags attached.

Relationships

child of 0010998 (new): Enhance security

Activities

michiel

20-01-10 13:58

manager   ~0050820


Point 1 has been fixed.

Point 2 is a good suggestion, although I'd make it a "paranoid" setting :-)

testbot

20-01-10 14:08

reporter   ~0050821

Number one has been fixed? How can I find out more information about this fix and issue?

I agree with you; that would be great to have a paranoid-type setting!

michiel

20-01-10 14:26

manager   ~0050822

Point 1 is a variant of the _SERVER[ConfigFile] vulnerability that was fixed in 2.10.9.

The double ? will have caused it not to work, so it's not vulnerable.
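
The "double ?" point above, worked through as an added example (this is not code from phpList or from either participant): the first function parses the probe URL quoted in the report the way a web server and PHP split a query string, showing that the second ? leaves the _SERVER[ConfigFile]=... text inside the value of p rather than creating a parameter of its own. The second function is a small access-log scanner a defender could run to flag ConfigFile-override and traversal probes whatever status code they drew, since the 200 in the report says only that the page answered. The log lines, IP addresses and regexes are constructed for the example and are assumptions, not anything from the project.

```python
# Added example, not phpList code: show why the reported probe URL never
# yields a separate _SERVER[ConfigFile] parameter, and flag such requests
# in an access log regardless of the status code they received.
import re
from urllib.parse import parse_qs, urlsplit

# The exact request-target quoted in the report.
PROBE = ("/?p=unsubscribe/admin/index.php?_SERVER[ConfigFile]="
         "./../../../../../../../../../../../../../../../../etc/group")


def top_level_params(request_target: str) -> dict:
    """Return the query parameters as the server hands them to the script.

    The query string begins at the FIRST '?'. A second '?' is ordinary data
    inside a value, so here everything after 'p=' (including the
    _SERVER[ConfigFile]=... text) is just the value of 'p'. PHP splits the
    query string the same way; only its handling of '[...]' keys differs,
    and that never comes into play because the key is not top-level.
    """
    query = urlsplit(request_target).query
    return parse_qs(query, keep_blank_values=True)


# Patterns a defender would watch for (constructed for this example): the
# config-file override parameter fixed in phpList 2.10.9, and plain or
# percent-encoded directory traversal.
CONFIGFILE_OVERRIDE = re.compile(r"_SERVER\[ConfigFile\]", re.IGNORECASE)
TRAVERSAL = re.compile(r"\.\./|\.\.%2f|%2e%2e%2f|%2e%2e/", re.IGNORECASE)

# Combined-log-format parser (Apache/nginx default access log).
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)


def scan_access_log(lines):
    """Return (ip, target, status) for every request that looks like a
    ConfigFile override or path-traversal probe.

    The status code is reported but not used as a filter: a 200 only means
    the front controller answered, not that the override took effect.
    """
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        target = m.group("target")
        if CONFIGFILE_OVERRIDE.search(target) or TRAVERSAL.search(target):
            hits.append((m.group("ip"), target, int(m.group("status"))))
    return hits


# Constructed sample log lines (RFC 5737 documentation addresses).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2020:13:30:01 +0000] "GET ' + PROBE +
    ' HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Jan/2020:13:31:15 +0000] "GET /lists/?p=subscribe'
    ' HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Jan/2020:13:31:40 +0000] "GET '
    '/lists/admin/?_SERVER[ConfigFile]=./../../etc/group HTTP/1.1" 404 512 "-" "curl/7.64.0"',
]

if __name__ == "__main__":
    # Only 'p' survives as a parameter name; the ConfigFile text is inside its value.
    print("top-level parameters:", list(top_level_params(PROBE)))
    for ip, target, status in scan_access_log(SAMPLE_LOG):
        print(f"{ip} {status} {target}")
```

Run it directly to see the single parameter name and the two flagged lines; the second flagged line drew a 404, which is why the scanner does not key on status codes at all.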

testbot

20-01-10 14:53

reporter   ~0050825

Great! Thanks!