Forum Index  ViceVersa HOME         FAQ and Knowledge Base

 FAQForum FAQ   SearchSearch Forum  RegisterRegister 
 ProfileProfile   Log inLog in 

Nonexistent Page Physical Path Disclosure

 
Post new topic   Reply to topic     Forum Index -> Support
Author Message
JP
Guest





PostPosted: Thu Feb 03, 2022 5:50 pm    Post subject: Nonexistent Page Physical Path Disclosure Reply with quote

the powers above do security scans on our servers. we are using VVengine 2.1 and it has the Nonexistent Page Physical Path Disclosure vulnerability.

is there a patch to fix this, or how would i disable the debug message

example i go to mohave17:8001/empty
it responds back
VVEngine resource not found
C:\Program Files (x86)\VVEngine\html\empty

Thanks
Back to top
TGRMN Software
Site Admin


Joined: 10 Jan 2005
Posts: 8769

PostPosted: Thu Feb 03, 2022 11:17 pm    Post subject: Reply with quote

Hi, recommend updating to the latest version/build:
VVEngine 2.2 (Build 2250 - Nov 2021)

However, this same behavior is still present. I am not sure it's an issue as VVEngine is not a web application or a public web server, but we can look into this for the next build of VVEngine. VVEngine will only serve via its application a few encrypted pages in the HTML folder and nothing else.
_________________
--
TGRMN Software Support
http://www.tgrmn.com
http://www.compareandmerge.com
Back to top
TGRMN Software
Site Admin


Joined: 10 Jan 2005
Posts: 8769

PostPosted: Thu Feb 03, 2022 11:29 pm    Post subject: Reply with quote

https://owasp.org/www-community/attacks/Full_Path_Disclosure

This vulnerability seems to apply only to web servers with PHP.
We do scan VVEngine with various vulnerability tools.

thanks

--
www.tgrmn.com
Back to top
JP
Guest





PostPosted: Mon May 22, 2023 10:24 pm    Post subject: Nonexistent Page Physical Path Disclosure update Reply with quote

Just checking if this has been addressed in any of the updated versions of ViceVersa?

Thanks
Back to top
TGRMN Software
Site Admin


Joined: 10 Jan 2005
Posts: 8769

PostPosted: Tue May 23, 2023 4:05 am    Post subject: Reply with quote

I believe this was addressed, please let me know if otherwise. thank you

PS VVEngine does not support PHP
_________________
--
TGRMN Software Support
http://www.tgrmn.com
http://www.compareandmerge.com
Back to top
JP
Guest





PostPosted: Thu May 25, 2023 11:54 pm    Post subject: Reply with quote

I installed ViceVersa Pro V5 and VVEngine 2.2 Server Premium Edition. It still fails the test. I understand it's not a issue to you, but we get flagged for this and they ask why hasn't this been addressed.
Back to top
TGRMN Software
Site Admin


Joined: 10 Jan 2005
Posts: 8769

PostPosted: Fri May 26, 2023 2:13 am    Post subject: Reply with quote

Hi, ok, thank you for trying it out, can you post the error message you get and which scanning software is reporting it? We can check it again for the next update but VVEngine is not a web server and does not support PHP... but if it helps we can address this for sure. thanks
_________________
--
TGRMN Software Support
http://www.tgrmn.com
http://www.compareandmerge.com
Back to top
JP
Guest





PostPosted: Fri Jun 02, 2023 6:43 pm    Post subject: Reply with quote

here is the information. Thanks

Nessus Security Center by Tenable Network Security.

Medium Severity Remediation Plan
Plugin Name IP Address Port Exploit?
Nonexistent Page (404) Physical Path
Disclosure xxx.xxx.xxx.xxx 8001 Yes
Synopsis: The remote web server is affected by an information disclosure vulnerability.
Solution: Upgrade the web server to the latest version. Alternatively, reconfigure the web server to disable debug reporting.
CVE: CVE-2001-1372,CVE-2002-0266,CVE-2002-2008,CVE-2003-0456
BID: 3341,4035,4261,5054,8075
Cross References: CWE #200,CERT #278971,EDB-ID #21276
First Discovered: Apr 19, 2021 16:24:18 MST
Last Observed: May 17, 2023 12:29:56 MST
Exploit Frameworks:

not allowing link to image
Back to top
Display posts from previous:   
Post new topic   Reply to topic     Forum Index -> Support All times are GMT
Page 1 of 1

 
Jump to:  
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © phpBB Group
Copyright © TGRMN Software. TGRMN Software products: