
List:       oss-security
Subject:    Re: [oss-security] CVE request: Joomla unspecified information
From:       Henri Salo <henri () nerv ! fi>
Date:       2011-06-27 14:58:35
Message-ID: 20110627145835.GA14674 () foo ! fgeek ! fi

On Mon, Jun 27, 2011 at 03:53:27PM +0800, YGN Ethical Hacker Group wrote:
> Path Disclosure should better be regarded as more closely related to
> server-side issue.
> It may be too redundant or unnecessary to create one path disclosure
> issue per CVE.
> 
> Another Path Disclosure issue in Joomla! 1.6.1
> 
> http://bl0g.yehg.net/2011/04/joomla-161-and-lower-information.html
> 
> 
> Almost all php CMS applications have this issue going on where some
> of them are listed at:
> 
> http://code.google.com/p/inspathx/source/browse/#svn%2Ftrunk%2Fpaths_vuln

I think this deserves its own CVE identifier as Joomla did announce a security
vulnerability. As far as I know the vulnerability was described as "Information
Disclosure" not path disclosure. Path disclosures should be fixed in software
also, but usually it is a problem in web-server configuration. Do you have more
information about issue CVE-2011-2488? Still no reply from Joomla security team
regarding issue CVE-2011-2488. I asked for more details nearly a week ago.

Btw. I would use domain example.org in advisories if I were you. You might not always
want to keep that attacker.in domain.

Best regards,
Henri Salo

