Piwik Response to CVE-2011-3791


The path disclosure weakness described in CVE-2011-3791 does not affect Piwik 1.1.

Beginning with Piwik 0.6.3 (released June 2010), the installer creates Apache .htaccess and IIS web.config files to prevent direct access to .php files. Users upgrading from an earlier beta version of Piwik, or using a different web server, should consult their web server's configuration guide.
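
For upgraded installs, one way to find directories that hold .php files but are not covered by a deny rule in an .htaccess file, here or in a parent directory. This is an added example, not Piwik's code; the directive patterns, the `index.php` entry point and the sample directory names are assumptions.

```python
import os
import re
import tempfile

# Heuristic: blanket deny in Apache 2.2 or 2.4 syntax; scoping is not evaluated.
DENY_RE = re.compile(r"^\s*(deny\s+from\s+all|require\s+all\s+denied)\b", re.I | re.M)

def has_deny(directory):
    """True if directory/.htaccess contains a deny directive."""
    try:
        with open(os.path.join(directory, ".htaccess"), errors="replace") as fh:
            return bool(DENY_RE.search(fh.read()))
    except OSError:  # no .htaccess here
        return False

def unprotected_php_dirs(webroot, entry_points=("index.php",)):
    """List dirs with .php files not covered by a deny rule here or above."""
    webroot = os.path.normpath(webroot)
    findings, covered = [], {}
    for current, dirs, files in os.walk(webroot):  # top-down: parents first
        dirs.sort()
        covered[current] = covered.get(os.path.dirname(current), False) or has_deny(current)
        php = [f for f in files if f.endswith(".php")]
        if current == webroot:  # assumed public entry points stay reachable
            php = [f for f in php if f not in entry_points]
        if php and not covered[current]:
            findings.append(os.path.relpath(current, webroot))
    return findings

def build_sample_tree(root):
    """Constructed sample layout; all names are hypothetical."""
    layout = {
        "index.php": "<?php",
        "core/.htaccess": '<Files "*.php">\nDeny from all\n</Files>\n',
        "core/sub/Helper.php": "<?php",
        "plugins/Example/Example.php": "<?php",
        "libs/.htaccess": "# left empty by a manual upgrade\n",
        "libs/Lib.php": "<?php",
    }
    for rel, body in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        print(unprotected_php_dirs(root))
```

.htaccess files only take effect where Apache's `AllowOverride` setting permits them, so a clean result from this file-level check still needs confirming against the running server's configuration.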

Please note that "path disclosure vulnerabilities" do not qualify for Piwik's Security Bug Bounty Program.

Reference: CVE-2011-3791

This entry was posted by Anthon on Thursday, October 20th, 2011; category: Security.
