[VIM] true but: SIPS <= 0.3.1(box.inc.php) Remote File Include Vulnerability
Steven M. Christey
coley at linus.mitre.org
Thu Feb 1 14:57:27 EST 2007
On Thu, 1 Feb 2007, str0ke wrote:
> But the documentation states.
> Unpack the sips archive file. Sips requires a special directory where it
> stores all kinds of data such as users, stories and php code. This directory
> can be anywhere, but if you can, you should place it outside of the public
> html area of the server, for security reasons.
> So its kind of a coin toss up.
Probably worth noting in the CVE when we make it, but I think it's still
reasonable to track these, since we know how frequently admins would skip
this configuration step - or perhaps be forced into keeping the insecure
configuration due to other factors.
More information about the VIM