Closed Bug 1316807 Opened 8 years ago Closed 8 years ago

Directory Listing and Information Disclosure in download-installer.cdn.mozilla.net

Categories

(Websites :: Other, defect)

Product:
Websites
Component:
Other
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 916473

People

(Reporter: 3gyhack, Unassigned)

References

(
URL
)

Details

(Keywords: reporter-external, Whiteboard: [reporter-external] [web-bounty-form] [verif?])

Attachments

(1 file)

Directory Listing and Information Disclosure
58.02 KB, image/png
Details
It includes sensitive information such as Emails files, database files like : https://download-installer.cdn.mozilla.net/pub/data/crash-data/smart-analysis-win.txt https://download-installer.cdn.mozilla.net/pub/data/crash-data/smart-analysis-all.txt https://download-installer.cdn.mozilla.net/pub/data/crash-data/seamonkey-crash-analysis-detailed.txt Directory listing is a web server function that displays a list of all the files when there is not an index file, such as index.php and default.asp in a specific website directory. Examples of Attack Scenarios 1. As described above, some web administrators do not properly configure web servers to disable the Directory Listing or sometimes do not do it at all. For instance, administrators may make complex configuration settings, such as to allow directory listing for particular directories or sub-directories. The improper configuration of this task might result to the unexpected and unintended enabling of directory listing of directories which contain sensitive information. 2. Even if Directory Listing is disabled on a web server, attackers might discover and exploit web server vulnerabilities that will result in a directory listing of some specific application directories. For instance, an old Apache Tomcat vulnerability was not properly handling null bytes (%00) and backslash (‘’) characters which were making it prone to directory listing attacks. 3. Attackers might discover directory indexes from cached or historical data contained in online databases. For example Google’s Cache database might contain historical data of a target, which previously had directory listing enabled. Such data allows the attacker to gain the information needed without having to exploit vulnerabilities.
Flags: sec-bounty?
Hey there, :Mahmoud. It is expected for there to be directory listings on this server. Those files in question date back to 2003, so there's nothing sensitive in them. :) Nevertheless, we thank you for reporting this!
Group: websites-security
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Flags: sec-bounty? → sec-bounty-
Resolution: --- → WONTFIX
Resolution: WONTFIX → DUPLICATE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: