Support #1517
PENTEST - Directory Traversal
| Status: | Closed - End of life cycle | Start date: | June 19, 2012 |
|---|---|---|---|
| Priority: | High | Due date: | |
| Assignee: | Ahmad Hazri | % Done: | 0% |
| Category: | - | Spent time: | - |
| Target version: | - | | |
Description
Issue: Remote/Public can access internal path/directory. For the KFH case, kfh_corus is meant for internal access, but using such an attack the public can also access it.
Recommendation:
1) Do filtering
2) Move CORUS to other server
3) Upgrade web server (SUN Java Web Server)
History
#1 Updated by Ahmad Hazri over 12 years ago
- Status changed from New - Begin Life Cycle to Development / Work In Progress
Another possible solution (maybe the best and least effort):
F5 has capabilities to resolve this issue using iRules.
ref:
https://devcentral.f5.com/Tutorials/TechTips/tabid/63/articleType/ArticleView/articleId/104/iRule-Security-101--05--Avoiding-Path-Traversal.aspx
http://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/config_guide_asm_10_2_0/asm_attack_sigs.html#1044878
https://www.owasp.org/index.php/Path_Traversal
#2 Updated by Ahmad Hazri over 10 years ago
- Status changed from Development / Work In Progress to Closed - End of life cycle
Customer applied at F5 level
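
The filtering named in recommendation 1, sketched in Python as an added example (not code from this ticket, the customer, or F5): the request path is decoded and canonicalised first, and the internal-only decision is made on the result. The `/kfh_corus` URL prefix, the three-round decode limit and the function names are assumptions; the sample requests are constructed.

```python
from urllib.parse import unquote

# Assumption: kfh_corus is served under this URL prefix (the ticket gives no path).
INTERNAL_PREFIXES = ("/kfh_corus",)
MAX_DECODE_ROUNDS = 3

def canonical_path(raw_path):
    """Decode the path and collapse dot segments; None means refuse the request."""
    path = raw_path.split("?", 1)[0]
    # Decode repeatedly so double-encoded dot segments cannot slip past the check.
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    else:
        return None  # still changing after the last round: refuse
    if "\x00" in path:
        return None
    path = path.replace("\\", "/")  # some servers treat backslash as a separator
    if not path.startswith("/"):
        return None
    segments = []
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if not segments:
                return None  # would climb above the document root
            segments.pop()
        else:
            segments.append(seg)
    return "/" + "/".join(segments)

def is_allowed(raw_path, from_internal_network):
    """Decide on the canonical path, never on the raw request string."""
    path = canonical_path(raw_path)
    if path is None:
        return False
    lowered = path.lower()  # assumption: the backend may match names case-insensitively
    for prefix in INTERNAL_PREFIXES:
        if lowered == prefix or lowered.startswith(prefix + "/"):
            return from_internal_network
    return True

if __name__ == "__main__":
    # Constructed sample requests, evaluated as coming from an external client.
    for p in ("/public/index.html", "/public/%2e%2e/kfh_corus/", "/kfh_corus_public/x"):
        print(p, is_allowed(p, from_internal_network=False))
```

A filter that only searches the raw URI for `../` misses the encoded and backslash forms covered here, which is why the comparison happens after canonicalisation.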