Demo Discussion
Forum Config Examples Contributions Vulnerabilities
  Discussion forum about ELOG  Not logged in ELOG logo
icon5.gif   How to prevent file path leaks on a 404 page, posted by Rich Loring on Tue May 12 15:53:17 2020 
    icon2.gif   Re: How to prevent file path leaks on a 404 page, posted by Stefan Ritt on Tue Aug 4 13:44:01 2020 
       icon2.gif   Re: How to prevent file path leaks on a 404 page, posted by Stefan Ritt on Wed Aug 26 20:44:38 2020 
Message ID: 69206     Entry time: Wed Aug 26 20:44:38 2020     In reply to: 69194
Icon: Reply  Author: Stefan Ritt  Author Email: stefan.ritt@psi.ch 
Category: Question  OS: Linux  ELOG Version: 3.1.4 
Subject: Re: How to prevent file path leaks on a 404 page 

A new RPM has been released at https://elog.psi.ch/elog/download/RPMS/elog-3.1.4-2.el7.x86_64.rpm containing that fix.

Stefan Ritt wrote:

I removed the version info from the 404 error, but you have to recompile elogd from sources. The fix will be included in the next RPM, but that can usually take a few weeks.

Rich Loring wrote:

Hello,

We used the Elog RPM binary installation method to install Elog. Our security scanners are complaining that Elog discloses the version information when you hit a missing page (404 error).  How can I hide this version info? Is there a snippet of code somewhere that I can comment out?

Any help is appreciated.

-Rich

 

 

ELOG V3.1.4-80633ba