Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

PCI scan result: Apache Shiro URI Path Security Traversal Information Disclosure

Posted on 2011-09-27
1
Medium Priority
?
1,331 Views
Last Modified: 2012-06-21
Hello,
I ran a free PCI scan for my website on http://www.hackerguardian.com/. As a result, I got the following:

      "Apache Shiro URI Path Security Traversal Information Disclosure"

      Description The remote web server appears to be using a version of the Shiro open   source   security framework that that does not
properly normalize URI paths before comparing them to entries in the framework's 'shiro.ini' file.
A remote attacker can leverage this issue to bypass authentication, authorization, or other types of security restrictions via
specially crafted requests.
---------------


Shiro framework is not installed on the machine and shiro.ini cannot be found.
Our website has been coded in VB.NET version 3.5 and uses .NET Membership Authentication to gain access to secured pages.

What could be causing this warning?

Elcin
0
Comment
Question by:cuneytyagiz
1 Comment
 

Accepted Solution

by:
cuneytyagiz earned 0 total points
ID: 36715210
Stangely, we did someting and it worked. Our website was accessable by its IP, we disabled it.
I don't know why but right before this change, the scan has failed. However, the scan we performed right after this change worked.

Elcin
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

One of the biggest threats facing all high-value targets are APT's.  These threats include sophisticated tactics that "often starts with mapping human organization and collecting intelligence on employees, who are nowadays a weaker link than network…
Originally, this post was published on Monitis Blog, you can check it here . In business circles, we sometimes hear that today is the “age of the customer.” And so it is. Thanks to the enormous advances over the past few years in consumer techno…
The viewer will learn the benefit of using external CSS files and the relationship between class and ID selectors. Create your external css file by saving it as style.css then set up your style tags: (CODE) Reference the nav tag and set your prop…
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…

877 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question