[Kolab-devel] [issue3447] Heavy information leak from webclient directories
Sascha Wilde
kolab-issues at intevation.de
Fri Feb 27 15:52:30 CET 2009
New submission from Sascha Wilde <wilde at intevation.de>:
One can freely retrieve every non-PHP file in the web client directory
and all its subdirectories via http. This is at least true for the
official openpkg-based distribution, where this affects all files
below /kolab/var/kolab/www/client.
This includes, but is not limited to:
- Logfiles
- User preferences
- User session data
As the user sessions are saved in files with hard-to-guess names, the
log files seem to be the biggest source of confidential information I
have currently found.
POC:
https://example.com/client/log/horde.log
It seems that an attempt has been made to prevent this problem by placing
.htaccess files with "Deny from All" in all the directories --
unfortunately they are not respected by the apache configuration.
Actually this is conceptually wrong anyway. The Right Thing To Do[tm]
is to deny access for all places except the few that are really meant
to be accessed by users.
----------
assignedto: wrobel
messages: 18811
nosy: martin, thomas, wilde, wrobel
priority: critical
status: unread
title: Heavy information leak from webclient directories
topic: web client
___________________________________________________
Kolab issue tracker <kolab-issues at intevation.de>
<https://www.intevation.de/roundup/kolab/issue3447>
___________________________________________________
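The deny-by-default layout the report asks for, as an added example that is not Kolab's shipped httpd.conf and not part of the issue above. It assumes the openpkg layout named in the report (the tree /kolab/var/kolab/www/client served under /client), Apache 2.2 syntax (the 2.4 equivalents are given in comments), and an allowlist consisting of the top-level PHP scripts plus a static "themes" directory; the allowlist entries are assumptions and must be matched to what the web client actually needs to expose. The section also shows why the per-directory .htaccess files reported as ineffective are ignored: Apache only reads .htaccess when AllowOverride permits it, so with AllowOverride None they have no effect at all.

```apache
# Added example (not Kolab's own configuration). Assumed paths: the client tree
# /kolab/var/kolab/www/client is mapped to the URL prefix /client.

# 1. Close the whole tree. Nothing below it is served unless a later section
#    opens it explicitly, so log/, sessions/, preferences and any future
#    subdirectory are covered without a per-directory .htaccess.
#    AllowOverride None is also the reason .htaccess "Deny from All" files are
#    ignored: with it, Apache never reads them.
<Directory /kolab/var/kolab/www/client>
    Options None
    AllowOverride None
    Order deny,allow
    Deny from all
    # Apache 2.4: Require all denied
</Directory>

# 2. Open only the entry points users are meant to reach. Location sections
#    are merged after Directory sections, so these allow rules win for the
#    matched URLs and nothing else.

# Only PHP scripts directly in /client/ (not in subdirectories such as
# /client/lib/), so include files cannot be invoked as scripts.
<LocationMatch "^/client/[^/]+\.php$">
    Order allow,deny
    Allow from all
    # Apache 2.4: Require all granted
</LocationMatch>

# Static assets. "themes" is an assumed name; list the real asset
# directories of your installation here, one Location per directory.
<Location /client/themes>
    Order allow,deny
    Allow from all
    # Apache 2.4: Require all granted
</Location>

# 3. Verification after reload (the PoC path from the report):
#    curl -sI https://example.com/client/log/horde.log   -> HTTP/1.1 403
#    curl -sI https://example.com/client/index.php       -> HTTP/1.1 200
#    A 403 on the first and a normal response on the second confirm the
#    default deny is in force and the allowlist still reaches the front end.
```

The important property is that the access decision no longer depends on each subdirectory carrying its own rule: adding a new data directory under the client tree leaves it closed until someone deliberately opens it. Keep the allowlist as short as the application permits and check it against the curl probes above whenever the web server configuration changes.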