Open
Bug 795323
Opened 12 years ago
Updated 8 months ago
directory listing in http://planet.mozilla.org
Categories
(Websites :: planet.mozilla.org, defect)
Websites
planet.mozilla.org
Tracking
(Not tracked)
NEW
People
(Reporter: shashankcyberboy, Assigned: reed)
Details
(Keywords: reporter-external, sec-low, wsec-disclosure)
Attachments
(1 file)
116.04 KB,
image/png
|
Details |
certain directories of http://planet.mozilla.org/ are having directory listing vulnerabilities. The urls of them are
1. http://planet.mozilla.org/img/
2. http://planet.mozilla.org/projects/img/
please add an index page in order to fiix directory listing
Updated•12 years ago
|
Assignee: server-ops-devservices → server-ops-webops
Component: CVS: Administration → Server Operations: Web Operations
QA Contact: shyam → cshields
Assignee | ||
Updated•12 years ago
|
Assignee: server-ops-webops → nobody
Component: Server Operations: Web Operations → planet.mozilla.org
OS: Windows 7 → All
Product: mozilla.org → Websites
QA Contact: cshields
Hardware: x86 → All
Assignee | ||
Comment 2•12 years ago
|
||
This is not a security vulnerability.
is directory listing not counted in vulnerablities ??? or only critical directory listing ???(In reply to Reed Loden [:reed] from comment #2)
> This is not a security vulnerability.
Comment 4•12 years ago
|
||
It depends - it can be a security risk if the directory is critical / contains sensitive files. In this case, it's merely the image folders for the site. Not a big risk.
Assignee | ||
Updated•12 years ago
|
Assignee: nobody → reed
Severity: normal → minor
Status: UNCONFIRMED → NEW
Ever confirmed: true
then plz chek my another bug ... bug id 795639 there is sensitive directory listing
(In reply to Matt Fuller :mfuller from comment #4)
> It depends - it can be a security risk if the directory is critical /
> contains sensitive files. In this case, it's merely the image folders for
> the site. Not a big risk.
Assignee | ||
Updated•12 years ago
|
Flags: sec-bounty?
(In reply to shashank from comment #8)
> what do u mean ??? :/
Please stop spamming the bug, issues are handled based on the priority of the issue. This issue is a low and as such is not eligible for a bounty. Planet is a blog platform and contains no sensitive information.
The other bug is both a duplicate of an existing issue and a low, and thus also not eligible for a bounty.
Flags: sec-bounty? → sec-bounty-
Keywords: sec-low,
wsec-disclosure
Updated•8 months ago
|
Keywords: reporter-external
You need to log in
before you can comment on or make changes to this bug.
Description
•