clarifications regarding the result of a security audit

pipa85
Posts: 7
Joined: 2018-08-08 12:32

#1 Post by pipa85 »

Hello,
I don't know if this is the right place to ask this question. I apologize if this is not the case. We installed Moodle on Debian 10, and a company specializing in security analyzed our Moodle in order to find security vulnerabilities. Among the vulnerabilities found, there is one vulnerability which I cannot understand; I hope you can help me understand it. Here is the information regarding this vulnerability.
The vulnerability: Local filesystem paths: Absolute filesystem path
Impact: This information is sensitive, as it may reveal things about the server environment to an attacker.
Knowing filesystem layout can increase the chances of success for blind attacks.
Exploitation: Get/
lib/javascript.php/ /media/player/videojs/videojs/video-js.swf
Remedy: Replace the absolute directory path with a hypertext link to the requested resource.

What I understood is that some files are accessible by the browser using their absolute path (for example, the video-js.swf file), but what I did not understand is what I have to do to solve the problem. Should I completely forbid the display of these files, or I don't know what?

Do you have an idea?

Thank you in advance for your clarifications.