Solved

PCI scan result: Apache Shiro URI Path Security Traversal Information Disclosure

Posted on 2011-09-27
1
1,253 Views
Last Modified: 2012-06-21
Hello,
I ran a free PCI scan for my website on http://www.hackerguardian.com/. As a result, I got the following:

      "Apache Shiro URI Path Security Traversal Information Disclosure"

      Description The remote web server appears to be using a version of the Shiro open   source   security framework that that does not
properly normalize URI paths before comparing them to entries in the framework's 'shiro.ini' file.
A remote attacker can leverage this issue to bypass authentication, authorization, or other types of security restrictions via
specially crafted requests.
---------------


Shiro framework is not installed on the machine and shiro.ini cannot be found.
Our website has been coded in VB.NET version 3.5 and uses .NET Membership Authentication to gain access to secured pages.

What could be causing this warning?

Elcin
0
Comment
Question by:cuneytyagiz
1 Comment
 

Accepted Solution

by:
cuneytyagiz earned 0 total points
ID: 36715210
Stangely, we did someting and it worked. Our website was accessable by its IP, we disabled it.
I don't know why but right before this change, the scan has failed. However, the scan we performed right after this change worked.

Elcin
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
Finding original email is quite difficult due to their duplicates. From this article, you will come to know why multiple duplicates of same emails appear and how to delete duplicate emails from Outlook securely and instantly while vital emails remai…
In this tutorial viewers will learn how to position items using CSS's three positioning types Create a new HTML document with an internal stylesheet.: Create another div in CSS and name it Absolute : Type "position:absolute;" and "top:10px; left:50p…
The viewer will learn the benefit of using external CSS files and the relationship between class and ID selectors. Create your external css file by saving it as style.css then set up your style tags: (CODE) Reference the nav tag and set your prop…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now