question

May-3912 avatar image
0 Votes"
May-3912 asked YiLu-MSFT commented

Drupal "keys" Path Disclosure issue

Hi MS support,

Our Sharepoint site (SP2013) is undergoing security vulnerabilities scan and we have landed on a "Drupal "keys" Path Disclosure" issue. The tool reported that the test response contains absolute paths and/or file names of files on the server.
I could not find any solution for this issue, would be great if anyone has advise on this.


Thank you,
May

office-sharepoint-server-developmentwindows-server-security
· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @May-3912

Would you provide some more error information of this issue so that I could search some specified information for the issue?

0 Votes 0 ·

Hi @YiLu-MSFT
Here are the information mentioned in the tool.
Issue Technical Description:
Drupal is vulnerable to path disclosure. By exploiting this issue, an attacker might gain info about the directory structure of the server machine, which allows for further attacks.
Sample exploit: http://[SERVER]/q=search&keys[]=AppScan

Affected Products: Drupal 6.x and 7.x

The tool also mentioned that it is unaware of any fix available, and may check the following security sites for new findings regarding this issue:
CERT Coordination center: http://www.cert.org
Common vulnerabilities and exposures (CVE): http://cve.mitre.org

Unfortunately, I did not find any fixes in the mentioned sites.




0 Votes 0 ·

Hi @May-3912
Thank you for your update, we could find little information about the error in your log, we suggest you open a support ticket about it. It needs more detailed investigation with support team instead of simple troubleshooting via replies in forum.

0 Votes 0 ·

0 Answers