0000205: [security bug] information gathering

ID	Project	Category	View Status	Date Submitted	Last Update

0000205	Main CAcert Website	website content	public	2006-04-16 10:43	2013-11-20 22:23

Reporter	blshkv	Assigned To
Priority	normal	Severity	minor	Reproducibility	always
Status	closed	Resolution	fixed
Fixed in Version	2006

Summary	0000205: [security bug] information gathering
Description	An attacker can get an additional information about the system by adding CVS to the directory. For example: http://www.test1.cacert.at/CVS/Entries http://www.test1.cacert.at/account/CVS/Entries
Tags	No tags attached.

Reviewed by
Test Instructions

duane 2006-04-21 06:48 developer ~0000167	chmod 700 `find\|grep CVS$`

~~bluec~~ 2006-04-24 05:20 manager ~0000193	Changes not yet visible in tarball.

Sourcerer 2009-04-26 16:27 administrator ~0001383	Fixed again with 2 new directories and should be reviewed regularly

Date Modified	Username	Field	Change
2006-04-16 10:43	blshkv	New Issue
2006-04-21 06:48	duane	Status	new => closed
2006-04-21 06:48	duane	Note Added: 0000167
2006-04-21 06:48	duane	Resolution	open => fixed
2006-04-21 06:48	duane	Fixed in Version	=> production
2006-04-24 05:20	~~bluec~~	Note Added: 0000193
2006-04-24 05:20	~~bluec~~	Assigned To	=> bluec
2006-04-24 05:20	~~bluec~~	Status	closed => needs work
2009-04-26 16:27	Sourcerer	Note Added: 0001383
2010-07-27 15:31	Sourcerer	Status	needs work => closed
2013-01-14 03:35	Werner Dworak	Assigned To	bluec =>
2013-01-14 03:35	Werner Dworak	Fixed in Version	=> 2006
2013-11-20 22:23	NEOatNHNG	View Status	private => public