
[SECURITY] Directory listing on Jetty web server

Open mlarcelet opened this issue 2 years ago • 0 comments

Describe the security issue

MirthConnect Web portal and API: the Jetty web server is configured to automatically list the contents of directories that do not have an index page present (category CWE-548). Examples: [image]

Vulnerability Location

Jetty web server

Environment

  • OS: Ubuntu 20.04.1 LTS (GNU/Linux 5.4.0-122-generic x86_64)
  • Java Distribution/Version: OpenJDK Runtime Environment (build 1.8.0_312-8u312-b07-0ubuntu1~20.04-b07)
  • Connect Version: 4.01

Suggested remediation

https://webtide.com/indexing-listing-vulnerability-in-jetty/

mlarcelet, Jul 29 '22 08:07
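
A check for confirming the remediation of the CWE-548 finding reported above, as an added example that is not part of the original issue or of the Mirth Connect code base: it classifies responses for directory paths as an auto-generated listing, a blocked request, or ordinary content. The "Directory: /path" title marker is an assumption about Jetty 9.x listing pages, and the paths and bodies in `SAMPLES` are constructed.

```python
import re
from html.parser import HTMLParser

# Assumption: Jetty 9.x auto-generated listings carry a "Directory: <path>"
# title and one anchor per entry; adjust the marker for other versions.
TITLE_MARK = re.compile(r"^\s*Directory:\s*/", re.I)

class _ListingParser(HTMLParser):
    """Collects the <title> text and every href on the page."""
    def __init__(self):
        super().__init__()
        self.in_title, self.title, self.hrefs = False, "", []

    def handle_starttag(self, tag, attrs):
        if tag == "title":
            self.in_title = True
        elif tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

    def handle_endtag(self, tag):
        if tag == "title":
            self.in_title = False

    def handle_data(self, data):
        if self.in_title:
            self.title += data

def classify(status, body):
    """Return 'listing', 'blocked' or 'content' for one HTTP response."""
    if status in (403, 404):
        return "blocked"  # no directory contents were disclosed
    parser = _ListingParser()
    parser.feed(body)
    if status == 200 and TITLE_MARK.match(parser.title) and parser.hrefs:
        return "listing"
    return "content"

def audit(responses):
    """responses: {path: (status, body)} -> sorted paths still exposing a listing."""
    return sorted(p for p, (s, b) in responses.items() if classify(s, b) == "listing")

# Constructed sample responses (not captured from a real server).
SAMPLES = {
    "/images/": (200, "<html><head><title>Directory: /images/</title></head><body>"
                      '<a href="../">Parent</a><a href="logo.png">logo.png</a></body></html>'),
    "/js/": (403, "<html><title>Error 403 Forbidden</title></html>"),
    "/": (200, '<html><head><title>Home</title></head><body><a href="/api">API</a></body></html>'),
}
```

Feed `audit` the status and body returned for each directory path of your own deployment before and after the configuration change; an empty result means no path still returns a listing page.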