October 20, '11

Posted in Security

Piwik Response to CVE-2011-3791

The path disclosure weakness described in CVE-2011-3791 does not affect Piwik 1.1.

Beginning with Piwik 0.6.3 (released June 2010), the installer creates Apache .htaccess and IIS web.config files to prevent direct access to .php files. Users upgrading from an earlier beta version of Piwik, or using a different web server, should consult their web server’s configuration guide.
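One way to check an Apache install for the protection described above, as an added example that is not Piwik's own code: it lists subdirectories holding .php files that no .htaccess deny rule covers. The directory names and .htaccess content in the sample tree are constructed, and the deny-rule match is a heuristic assumption, not the exact file the installer writes.

```python
import os
import re
import tempfile

# Heuristic (assumption): a .htaccess "denies" if it contains the Apache
# 2.2 form (Deny from all) or the 2.4 form (Require all denied).
DENY_RE = re.compile(r"^\s*(deny\s+from\s+all|require\s+all\s+denied)\s*$",
                     re.IGNORECASE | re.MULTILINE)

def has_deny(directory):
    """True if directory/.htaccess exists and carries a deny-all rule."""
    try:
        with open(os.path.join(directory, ".htaccess"), errors="replace") as fh:
            return bool(DENY_RE.search(fh.read()))
    except OSError:
        return False

def unprotected_php_dirs(root):
    """Return subdirectories (relative to root) that hold .php files and are
    not covered by a denying .htaccess in themselves or an ancestor below
    root. The root is skipped: its entry-point scripts must stay reachable."""
    root = os.path.abspath(root)
    findings, covered = [], {}
    for cur, dirs, files in os.walk(root):  # top-down: parents come first
        if cur == root:
            covered[cur] = False
            continue
        covered[cur] = covered[os.path.dirname(cur)] or has_deny(cur)
        if not covered[cur] and any(f.lower().endswith(".php") for f in files):
            findings.append(os.path.relpath(cur, root))
    return sorted(findings)

def build_sample_tree():
    """Constructed sample layout (hypothetical names): only core/ is protected."""
    root = tempfile.mkdtemp()
    for rel in ("index.php", "core/Common.php", "core/sub/Helper.php",
                "plugins/Example/Example.php", "tmp/readme.txt"):
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        open(full, "w").close()
    with open(os.path.join(root, "core", ".htaccess"), "w") as fh:
        fh.write('<Files ~ "\\.php$">\nDeny from all\n</Files>\n')
    return root

if __name__ == "__main__":
    for d in unprotected_php_dirs(build_sample_tree()):
        print("no deny rule covers:", d)
```

A clean result only means the files are present: Apache honours .htaccess only where `AllowOverride` permits it, so the server configuration still needs to be confirmed.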

Please note that “path disclosure vulnerabilities” do not qualify for Piwik’s Security Bug Bounty Program.

Reference: CVE-2011-3791

About author
piwik team member

Anthon Pang

Anthon is a Software Developer from Canada and an active Piwik team member since 2007. He has contributed some of the earliest and most critical code in Piwik, such as the Javascript Tracker. Anthon also built and maintains our QA infrastructure.
