Cloudflare: Bug Report

2014-05-06T04:34:33
ID H1:10975
Type hackerone
Reporter thalaivarsubu
Modified 2016-06-16T14:24:16

Description

Vulnerability description
mod_negotiation is an Apache module responsible for selecting, from several available documents, the one that best matches the client's capabilities. If the client provides an invalid Accept header, the server responds with a 406 Not Acceptable error containing a pseudo directory listing. This behaviour can help an attacker learn more about the target, for example by generating a list of base names, generating a list of interesting extensions, looking for backup files and so on.

Affected items
https://www.cloudflare.com/

The impact of this vulnerability
Possible information disclosure: directory listing, filename bruteforcing, backup files.

How to fix this vulnerability
Disable MultiViews in Apache's configuration file and restart Apache. You can also disable MultiViews by creating a .htaccess file containing the following line:

Options -MultiViews

Vulnerability description
This server is protected by an IPS (Intrusion Prevention System), IDS (Intrusion Detection System) or a WAF (Web Application Firewall). Acunetix WVS detected this by sending various malicious payloads and observing changes in the response code, headers and body.

Affected items
https://www.cloudflare.com/

The impact of this vulnerability
You may receive incorrect or incomplete results when scanning a server protected by an IPS/IDS/WAF. Also, if the WAF detects a number of attacks coming from the scanner, the scanner's IP address can be blocked after a few attempts.

How to fix this vulnerability
If possible, scan an internal (development) version of the web application where the WAF is not active.