Forum Index  ViceVersa HOME         FAQ and Knowledge Base

 FAQForum FAQ   SearchSearch Forum  RegisterRegister 
 ProfileProfile   Log inLog in 

Nonexistent Page Physical Path Disclosure

 
Post new topic   Reply to topic     Forum Index -> Support
Author Message
JP
Guest





PostPosted: Thu Feb 03, 2022 5:50 pm    Post subject: Nonexistent Page Physical Path Disclosure Reply with quote

the powers above do security scans on our servers. we are using VVengine 2.1 and it has the Nonexistent Page Physical Path Disclosure vulnerability.

is there a patch to fix this, or how would i disable the debug message

example i go to mohave17:8001/empty
it responds back
VVEngine resource not found
C:\Program Files (x86)\VVEngine\html\empty

Thanks
Back to top
TGRMN Software
Site Admin


Joined: 10 Jan 2005
Posts: 8481

PostPosted: Thu Feb 03, 2022 11:17 pm    Post subject: Reply with quote

Hi, recommend updating to the latest version/build:
VVEngine 2.2 (Build 2250 - Nov 2021)

However, this same behavior is still present. I am not sure it's an issue as VVEngine is not a web application or a public web server, but we can look into this for the next build of VVEngine. VVEngine will only serve via its application a few encrypted pages in the HTML folder and nothing else.
_________________
--
TGRMN Software Support
http://www.tgrmn.com
http://www.compareandmerge.com
Back to top
TGRMN Software
Site Admin


Joined: 10 Jan 2005
Posts: 8481

PostPosted: Thu Feb 03, 2022 11:29 pm    Post subject: Reply with quote

https://owasp.org/www-community/attacks/Full_Path_Disclosure

This vulnerability seems to apply only to web servers with PHP.
We do scan VVEngine with various vulnerability tools.

thanks

--
www.tgrmn.com
Back to top
Display posts from previous:   
Post new topic   Reply to topic     Forum Index -> Support All times are GMT
Page 1 of 1

 
Jump to:  
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © phpBB Group
Copyright © TGRMN Software. TGRMN Software products: