2sn / starfit-server

Configuration repo for StarFit server

Open Redirect Vulnerability #44

Closed conradtchan closed 1 year ago

conradtchan commented 1 year ago

From Monash Cybersecurity:

Hi Conrad,

The Monash Cybersecurity Team has detected a security vulnerability in your instance below:

VM IP: 118.138.244.17
VM Name: StarFit Testing
Project: Stellar_Nucleosynthesis
Vulnerability: Open Redirect Vulnerability
Accessing the following URL http://118.138.244.17/.evil.com will redirect the user to an external/malicious site.

If you're using apache and using mod_rewrite, this link could be useful:
https://www.acunetix.com/vulnerabilities/web/apache-mod_rewrite-open-redirect/
Can you please look into this issue ASAP?

Regards,

Jerico

This can be fixed by updating to latest Apache.

dliptai commented 1 year ago

Seems to already be up to date:

[fedora@starfit ~]$ dnf info httpd
Installed Packages
Name         : httpd
Version      : 2.4.54
Release      : 3.fc36
Architecture : x86_64
Size         : 60 k
Source       : httpd-2.4.54-3.fc36.src.rpm
Repository   : @System
From repo    : updates
Summary      : Apache HTTP Server
URL          : https://httpd.apache.org/
License      : ASL 2.0
Description  : The Apache HTTP Server is a powerful, efficient, and extensible
             : web server.

2sn commented 1 year ago

Seems to be resolved.
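
A regression check for the behaviour reported in this issue, added here as an example and not part of the thread or the repository: it fetches a path without following redirects and flags any Location header that leaves the requesting host. The function names and the sample responses are constructed; the issue does not give the redirect target the scanner actually saw.

```python
import http.client
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

def leaves_origin(request_url, status, location):
    """Return True if the response redirects the client to a different host."""
    if status not in REDIRECT_CODES or not location:
        return False
    # Resolve relative and scheme-relative ("//host/") targets as a browser would.
    target = urlsplit(urljoin(request_url, location))
    origin = urlsplit(request_url)
    # Compare whole hostnames: a prefix test would accept "<host>.evil.com".
    return (target.hostname or "").lower() != (origin.hostname or "").lower()

def probe(request_url, timeout=5):
    """Fetch request_url once, without following redirects."""
    u = urlsplit(request_url)
    cls = http.client.HTTPSConnection if u.scheme == "https" else http.client.HTTPConnection
    conn = cls(u.hostname, u.port, timeout=timeout)
    try:
        conn.request("GET", u.path or "/")
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

# URL quoted in the report; the responses below are constructed samples.
REPORTED_URL = "http://118.138.244.17/.evil.com"
SAMPLES = [
    (302, "http://118.138.244.17.evil.com/"),   # host extended by the path
    (302, "//evil.com/"),                       # scheme-relative target
    (301, "https://118.138.244.17/.evil.com"),  # same host, HTTPS upgrade
    (302, "/login"),                            # relative, same host
    (404, None),                                # no redirect at all
]

def run_samples(url=REPORTED_URL):
    return [leaves_origin(url, status, loc) for status, loc in SAMPLES]

if __name__ == "__main__":
    # Offline by default; call probe(REPORTED_URL) against your own server
    # and pass the result to leaves_origin() to check the live behaviour.
    for (status, loc), flagged in zip(SAMPLES, run_samples()):
        print(status, loc, "OFF-HOST" if flagged else "ok")
```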