Closed mamema closed 8 months ago
I'll have to try and find what section you are talking about with a bad email. But just report what you have here.
I mean your own security section here: https://github.com/jwetzell/docker-guacamole/security ...and no, vulnerability issues public reporting isn't a good thing. Talk public AFTER fixing it.
This is a forked repository. I didn't see that doc and have removed it as nothing in there is relevant to this fork. You can send information to me@jwetzell.com if you think the vulnerability lies in this bundling of Apache Guacamole.
Tomcat has been updated to 9.0.85 and default files cleaned out.
thanks
From: Joel Wetzell @.> Sent: Wednesday, February 7, 2024 1:59 PM To: jwetzell/docker-guacamole @.> Cc: mamema @.>; Author @.> Subject: Re: [jwetzell/docker-guacamole] Security issue - Email is the same as from the forked repo (Issue #37)
Closed #37 (https://github.com/jwetzell/docker-guacamole/issues/37) as completed.
Hi Joel,
scan from today:
Description: The default error page, default index page, example JSPs and/or example servlets are installed on the remote Apache Tomcat server. These files should be removed as they may help an attacker uncover information about the remote Tomcat install or host itself.
Solution: Delete the default index page and remove the example JSP and servlets. Follow the Tomcat or OWASP instructions to replace or modify the default error page.
See Also: http://www.nessus.org/u?4cb3b4dd https://www.owasp.org/index.php/Securing_tomcat
Output:
* The server is not configured to return a custom page in the event of a client requesting a non-existent resource. This may result in a potential disclosure of sensitive information about the server to attackers.
so it seems the default files are somewhere still there... FYI
Best regards
Matt
If you can point to the default files in the container that should be removed I will remove them.
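One way to locate the files the scan refers to, as an added example that is not part of this thread or the project's code: a POSIX shell audit of a Tomcat directory tree, taking the Tomcat home directory as its first argument. The function names and finding labels are made up for the example, the `tomcat.css` test for a stock ROOT app is a heuristic, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example: audit a Tomcat directory tree for stock content.
# Webapps shipped by default in the upstream Tomcat distribution (besides ROOT).
DEFAULT_APPS="docs examples manager host-manager"

# Print one finding per line for the Tomcat tree rooted at $1.
audit_tomcat() {
    home=$1
    for app in $DEFAULT_APPS; do
        if [ -d "$home/webapps/$app" ]; then
            echo "default-webapp:$app"
        fi
    done
    # ROOT may legitimately hold the real application, so flag it only
    # while the stock welcome page's stylesheet is present (heuristic).
    if [ -f "$home/webapps/ROOT/tomcat.css" ]; then
        echo "default-webapp:ROOT"
    fi
    # A custom error page needs an <error-page> mapping in conf/web.xml
    # or an ErrorReportValve entry in conf/server.xml.
    if ! grep -qs '<error-page>' "$home/conf/web.xml" &&
       ! grep -qs 'ErrorReportValve' "$home/conf/server.xml"; then
        echo "no-custom-error-page"
    fi
}

# Constructed sample tree: stock apps still present, no error-page mapping.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/conf" "$t/webapps/ROOT" "$t/webapps/examples" \
             "$t/webapps/guacamole"
    : > "$t/webapps/ROOT/tomcat.css"
    echo '<web-app></web-app>' > "$t/conf/web.xml"
    echo '<Server></Server>' > "$t/conf/server.xml"
    echo "$t"
}

# Audit the path given as $1, or the constructed sample when none is given.
if [ $# -gt 0 ]; then
    audit_tomcat "$1"
else
    sample=$(make_sample_tree)
    audit_tomcat "$sample"
    rm -rf "$sample"
fi
```

An empty result means none of the stock webapps were found and an error-page setting is present; the grep does not tell a commented-out entry from an active one, so confirm hits by reading the file.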
Describe Your Problem: I would like to report a security issue. But I don't think the email linked in the "Security Reporting" area is still valid.
Please provide actual contact information