Solved

PCI scan result: Apache Shiro URI Path Security Traversal Information Disclosure

Posted on 2011-09-27
1
1,271 Views
Last Modified: 2012-06-21
Hello,
I ran a free PCI scan for my website on http://www.hackerguardian.com/. As a result, I got the following:

      "Apache Shiro URI Path Security Traversal Information Disclosure"

      Description The remote web server appears to be using a version of the Shiro open   source   security framework that that does not
properly normalize URI paths before comparing them to entries in the framework's 'shiro.ini' file.
A remote attacker can leverage this issue to bypass authentication, authorization, or other types of security restrictions via
specially crafted requests.
---------------


Shiro framework is not installed on the machine and shiro.ini cannot be found.
Our website has been coded in VB.NET version 3.5 and uses .NET Membership Authentication to gain access to secured pages.

What could be causing this warning?

Elcin
0
Comment
Question by:cuneytyagiz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 

Accepted Solution

by:
cuneytyagiz earned 0 total points
ID: 36715210
Stangely, we did someting and it worked. Our website was accessable by its IP, we disabled it.
I don't know why but right before this change, the scan has failed. However, the scan we performed right after this change worked.

Elcin
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
This article demonstrates how to create a simple responsive confirmation dialog with Ok and Cancel buttons using HTML, CSS, jQuery and Promises
In this tutorial viewers will learn how to embed Flash content in a webpage using HTML5. Ensure your DOCTYPE declaration is set to HTML5: "<!DOCTYPE html>": Use the <object> tag to embed Flash content.: To specify that the object is Flash content, d…
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question