[VIM] true but: SIPS <= 0.3.1(box.inc.php) Remote File Include Vulnerability

Steven M. Christey coley at linus.mitre.org
Thu Feb 1 14:57:27 EST 2007


On Thu, 1 Feb 2007, str0ke wrote:

> But the documentation states:
>
> Unpack the sips archive file. Sips requires a special directory where it
> stores all kinds of data such as users, stories and php code. This directory
> can be anywhere, but if you can, you should place it outside of the public
> html area of the server, for security reasons.
>
> So it's kind of a coin toss up.


Probably worth noting in the CVE when we make it, but I think it's still
reasonable to track these, since we know how frequently admins would skip
this configuration step - or perhaps be forced into keeping the insecure
configuration due to other factors.

- Steve

