Closed Bug 187230 Opened 23 years ago Closed 22 years ago

[SECURITY] Physical path to files revealed in error messages

Categories

(Webtools Graveyard :: Bonsai, defect)

defect
Not set
blocker

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: justdave, Assigned: tara)

Attachments

(1 file)

See the URL for bugtraq posting. "Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com." Not setting security flag because this is already publicly disclosed.
Status: NEW → ASSIGNED
In the case of the error message in cvsview2.cgi, I've removed the CVSROOT information, which creates the potential hazard, but left the relative path to the path/dir itself alone. In multidiff.cgi, I've stripped full patch information returned by rcs diff and left just the file name.
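The two redaction styles described in the comment above (drop the repository root but keep the relative path, or keep only the file name), shown as an added Python example; it is not the attached patch or Bonsai's own code. The root `/var/cvsroot`, the sample messages and all function names are constructed for illustration.

```python
import html
import logging
import posixpath
import re

log = logging.getLogger("cgi-errors")

# An absolute POSIX path token: a "/" that does not continue a relative path,
# followed by characters that are not whitespace, quotes, angle brackets or ":".
_ABS_PATH = re.compile(r"(?<![\w./-])/[^\s'\"<>:]+")


def relative_to_root(message, root):
    """Drop the repository root, keep the path below it."""
    prefix = re.escape(root.rstrip("/"))
    # Strip only at a path boundary, so a sibling such as "<root>2" is not
    # half-redacted into something misleading.
    return re.sub(prefix + r"(?:/|(?=[\s:'\"]|$))", "", message)


def basename_only(message):
    """Reduce every absolute path in the text to its file name."""
    return _ABS_PATH.sub(
        lambda m: posixpath.basename(m.group(0).rstrip("/")), message
    )


def public_error(message, root, names_only=False):
    """Log the full text server-side; return a redacted, HTML-escaped copy."""
    log.error("%s", message)  # operators still see the real path
    shown = basename_only(message) if names_only else relative_to_root(message, root)
    return html.escape(shown)


if __name__ == "__main__":
    root = "/var/cvsroot"  # constructed sample configuration
    samples = [  # constructed error messages
        "cannot open /var/cvsroot/proj/src/main.c,v",
        "rcsdiff: /var/cvsroot/proj/src/main.c,v: No such file or directory",
    ]
    for text in samples:
        print(public_error(text, root))
        print(public_error(text, root, names_only=True))
```
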
Comment on attachment 117011 (removing fully qualified path information from public display)
The indentation of multidiff is bad - tabs
Attachment #117011 - Flags: review+
Checked in the patch.
Status: ASSIGNED → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Product: Webtools → Webtools Graveyard