PCI scan result: Apache Shiro URI Path Security Traversal Information Disclosure

Hello,
I ran a free PCI scan for my website on http://www.hackerguardian.com/. As a result, I got the following:

      "Apache Shiro URI Path Security Traversal Information Disclosure"

      Description: The remote web server appears to be using a version of the Shiro open source security framework that does not properly normalize URI paths before comparing them to entries in the framework's 'shiro.ini' file. A remote attacker can leverage this issue to bypass authentication, authorization, or other types of security restrictions via specially crafted requests.
---------------


Shiro framework is not installed on the machine and shiro.ini cannot be found.
Our website has been coded in VB.NET version 3.5 and uses .NET Membership Authentication to gain access to secured pages.

What could be causing this warning?

Elcin
Asked by: cuneytyagiz
cuneytyagiz (Author) commented:
Strangely, we did something and it worked. Our website was accessible by its IP; we disabled it.
I don't know why but right before this change, the scan has failed. However, the scan we performed right after this change worked.

Elcin
Question has a verified solution.
