[tor-bugs] #22947 [Webpages/Blog]: Possible Security Issue (Information Disclosure) with Drupal on blog.torproject.org

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Jul 16 21:02:23 UTC 2017


#22947: Possible Security Issue (Information Disclosure) with Drupal on
blog.torproject.org
---------------------------+----------------------
 Reporter:  cypherpunks    |          Owner:  hiro
     Type:  defect         |         Status:  new
 Priority:  Medium         |      Milestone:
Component:  Webpages/Blog  |        Version:
 Severity:  Normal         |     Resolution:
 Keywords:  security       |  Actual Points:
Parent ID:                 |         Points:
 Reviewer:                 |        Sponsor:
---------------------------+----------------------

Comment (by cypherpunks):

 After trying a bit to reproduce this, I failed to do so. This may nave
 been a transient bug due to restoring a tab from a previous session (maybe
 Firefox did something weird with a header in the request and the server-
 side scripting didn't like it?) or maybe someone was poking the Drupal
 backend at the same time I was loading the page?

 Either way, someone may want to look at the Drupal config and at least
 make sure server-side issues don't get spit out into the HTML served to
 the client.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22947#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list