Status

Websites
planet.mozilla.org
--
minor
5 years ago
4 years ago

People

(Reporter: shashank, Assigned: reed)

Tracking

({sec-low, wsec-disclosure})

other
sec-low, wsec-disclosure
Bug Flags:
sec-bounty -

Details

Attachments

(1 attachment)

(Reporter)

Description

5 years ago
Created attachment 665901 [details]
directory listing

certain directories of http://planet.mozilla.org/ are having directory listing vulnerabilities. The urls of them are 

1. http://planet.mozilla.org/img/  
2. http://planet.mozilla.org/projects/img/
(Reporter)

Comment 1

5 years ago
please add an index page in order to fiix directory listing
Assignee: server-ops-devservices → server-ops-webops
Component: CVS: Administration → Server Operations: Web Operations
QA Contact: shyam → cshields
(Assignee)

Updated

5 years ago
Assignee: server-ops-webops → nobody
Component: Server Operations: Web Operations → planet.mozilla.org
OS: Windows 7 → All
Product: mozilla.org → Websites
QA Contact: cshields
Hardware: x86 → All
(Assignee)

Comment 2

5 years ago
This is not a security vulnerability.
(Reporter)

Comment 3

5 years ago
is directory listing not counted in vulnerablities ??? or only critical directory listing ???(In reply to Reed Loden [:reed] from comment #2)
> This is not a security vulnerability.

Comment 4

5 years ago
It depends - it can be a security risk if the directory is critical / contains sensitive files. In this case, it's merely the image folders for the site. Not a big risk.
(Assignee)

Updated

5 years ago
Assignee: nobody → reed
Severity: normal → minor
Status: UNCONFIRMED → NEW
Ever confirmed: true
(Reporter)

Comment 5

5 years ago
then plz chek my another bug ... bug id 795639  there is sensitive directory listing 
(In reply to Matt Fuller :mfuller from comment #4)
> It depends - it can be a security risk if the directory is critical /
> contains sensitive files. In this case, it's merely the image folders for
> the site. Not a big risk.
(Reporter)

Comment 6

5 years ago
well am i going to get bounty for it ???
(Reporter)

Comment 7

5 years ago
replys plzz???????????????????????????????????????????/
(Assignee)

Updated

5 years ago
Flags: sec-bounty?
(Reporter)

Comment 8

5 years ago
what do u mean ??? :/
(In reply to shashank from comment #8)
> what do u mean ??? :/

Please stop spamming the bug, issues are handled based on the priority of the issue. This issue is a low and as such is not eligible for a bounty. Planet is a blog platform and contains no sensitive information.

The other bug is both a duplicate of an existing issue and a low, and thus also not eligible for a bounty.
Flags: sec-bounty? → sec-bounty-
Keywords: sec-low, wsec-disclosure

Updated

5 years ago
Blocks: 836522
You need to log in before you can comment on or make changes to this bug.