Author |
Message |
JP Guest
|
Posted: Thu Feb 03, 2022 5:50 pm Post subject: Nonexistent Page Physical Path Disclosure |
|
|
the powers above do security scans on our servers. we are using VVengine 2.1 and it has the Nonexistent Page Physical Path Disclosure vulnerability.
is there a patch to fix this, or how would i disable the debug message
example i go to mohave17:8001/empty
it responds back
VVEngine resource not found
C:\Program Files (x86)\VVEngine\html\empty
Thanks |
|
Back to top |
|
|
TGRMN Software Site Admin
Joined: 10 Jan 2005 Posts: 8769
|
Posted: Thu Feb 03, 2022 11:17 pm Post subject: |
|
|
Hi, recommend updating to the latest version/build:
VVEngine 2.2 (Build 2250 - Nov 2021)
However, this same behavior is still present. I am not sure it's an issue as VVEngine is not a web application or a public web server, but we can look into this for the next build of VVEngine. VVEngine will only serve via its application a few encrypted pages in the HTML folder and nothing else. _________________ --
TGRMN Software Support
http://www.tgrmn.com
http://www.compareandmerge.com |
|
Back to top |
|
|
TGRMN Software Site Admin
Joined: 10 Jan 2005 Posts: 8769
|
|
Back to top |
|
|
JP Guest
|
Posted: Mon May 22, 2023 10:24 pm Post subject: Nonexistent Page Physical Path Disclosure update |
|
|
Just checking if this has been addressed in any of the updated versions of ViceVersa?
Thanks |
|
Back to top |
|
|
TGRMN Software Site Admin
Joined: 10 Jan 2005 Posts: 8769
|
|
Back to top |
|
|
JP Guest
|
Posted: Thu May 25, 2023 11:54 pm Post subject: |
|
|
I installed ViceVersa Pro V5 and VVEngine 2.2 Server Premium Edition. It still fails the test. I understand it's not a issue to you, but we get flagged for this and they ask why hasn't this been addressed. |
|
Back to top |
|
|
TGRMN Software Site Admin
Joined: 10 Jan 2005 Posts: 8769
|
Posted: Fri May 26, 2023 2:13 am Post subject: |
|
|
Hi, ok, thank you for trying it out, can you post the error message you get and which scanning software is reporting it? We can check it again for the next update but VVEngine is not a web server and does not support PHP... but if it helps we can address this for sure. thanks _________________ --
TGRMN Software Support
http://www.tgrmn.com
http://www.compareandmerge.com |
|
Back to top |
|
|
JP Guest
|
Posted: Fri Jun 02, 2023 6:43 pm Post subject: |
|
|
here is the information. Thanks
Nessus Security Center by Tenable Network Security.
Medium Severity Remediation Plan
Plugin Name IP Address Port Exploit?
Nonexistent Page (404) Physical Path
Disclosure xxx.xxx.xxx.xxx 8001 Yes
Synopsis: The remote web server is affected by an information disclosure vulnerability.
Solution: Upgrade the web server to the latest version. Alternatively, reconfigure the web server to disable debug reporting.
CVE: CVE-2001-1372,CVE-2002-0266,CVE-2002-2008,CVE-2003-0456
BID: 3341,4035,4261,5054,8075
Cross References: CWE #200,CERT #278971,EDB-ID #21276
First Discovered: Apr 19, 2021 16:24:18 MST
Last Observed: May 17, 2023 12:29:56 MST
Exploit Frameworks:
not allowing link to image |
|
Back to top |
|
|
|