git.ipfire.org Git - people/pmueller/ipfire-2.x.git/commit

]> git.ipfire.org Git - people/pmueller/ipfire-2.x.git/commit

projects / people / pmueller / ipfire-2.x.git / commit

author	Peter Müller <peter.mueller@link38.eu>
	Sun, 3 Sep 2017 14:14:53 +0000 (16:14 +0200)
committer	Michael Tremer <michael.tremer@ipfire.org>
	Mon, 4 Sep 2017 11:25:23 +0000 (12:25 +0100)
commit	0effbb3569624f42550310689aaf94d726cd9d0e
tree	39bebf787b38fe0136e4d576145377a9b754b82b	tree \| snapshot
parent	3dcf1822e66ebcf1b58ee3e2f58a437efef9cb23	commit \| diff

fix WebUI system information leak

Disable unauthenticated access to cgi-bin/credits.cgi. The page
leaks the currently installed version of IPFire and the hardware
architecture.

Both information might make a successful attack much easier.

This issue can be reproduced by accessing https://[IPFire-IP]:444/cgi-bin/credits.cgi
and accepting a SSL certificate warning (if any).

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

config/httpd/vhosts.d/ipfire-interface-ssl.conf		diff \| blob \| blame \| history
config/httpd/vhosts.d/ipfire-interface.conf		diff \| blob \| blame \| history

Peter's tree of IPFire 2.x

RSS Atom