Solved

PCI scan result: Apache Shiro URI Path Security Traversal Information Disclosure

Posted on 2011-09-27
1
1,270 Views
Last Modified: 2012-06-21
Hello,
I ran a free PCI scan for my website on http://www.hackerguardian.com/. As a result, I got the following:

      "Apache Shiro URI Path Security Traversal Information Disclosure"

      Description The remote web server appears to be using a version of the Shiro open   source   security framework that that does not
properly normalize URI paths before comparing them to entries in the framework's 'shiro.ini' file.
A remote attacker can leverage this issue to bypass authentication, authorization, or other types of security restrictions via
specially crafted requests.
---------------


Shiro framework is not installed on the machine and shiro.ini cannot be found.
Our website has been coded in VB.NET version 3.5 and uses .NET Membership Authentication to gain access to secured pages.

What could be causing this warning?

Elcin
0
Comment
Question by:cuneytyagiz
1 Comment
 

Accepted Solution

by:
cuneytyagiz earned 0 total points
ID: 36715210
Stangely, we did someting and it worked. Our website was accessable by its IP, we disabled it.
I don't know why but right before this change, the scan has failed. However, the scan we performed right after this change worked.

Elcin
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The article shows the basic steps of integrating an HTML theme template into an ASP.NET MVC project
Today, the web development industry is booming, and many people consider it to be their vocation. The question you may be asking yourself is – how do I become a web developer?
In this tutorial viewers will learn how to style elements, such a divs, with a "drop shadow" effect using the CSS box-shadow property Start with a normal styled element, such as a div.: In the element's style, type the box shadow property: "box-shad…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question