rejetto forum

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - Alps

Pages: 1
1
HFS ~ HTTP File Server / Re: Warning: HFS v2.x has a severe vulnerability
« on: January 03, 2025, 06:23:26 PM »
Not only my credits.
Was only a idea from me.
I not have the knowledge for security relevance.
Without LeoNeeson we not have this solution.

2
HFS ~ HTTP File Server / Re: Warning: HFS v2.x has a severe vulnerability
« on: January 01, 2025, 09:31:48 PM »
This sounds all great  :)
Maybe this is the best solution.
I am Happy can now use hfs again after 6 months break.  :D

In changelogs from "j" "k" "m" i not read security fixes.
versions down to 2.3i now also safe with macro off ?

in a russian forum i found also a solution including fixed hfs download
maybe it is interesting for you.
http://forum.ru-board.com/topic.cgi?forum=5&topic=13365&start=1940#11
i not know how safe it is.

Macro off is the best way for me.

3
HFS ~ HTTP File Server / Re: Warning: HFS v2.x has a severe vulnerability
« on: January 01, 2025, 03:42:34 AM »
Very thanks for reply.

ok, as you say browsable not helps with this vulnerability "setting in hfs window part "virtual file system" " /Home Right click/properties/flags deactivate Browsable"

If i switch it off, user become message.
!Forbidden
or||!This resource is not accessible.

And it not only deactivate searchbox, it also deactivate search direct link.
Example
http://0.0.0.0:80/?search=test

If i switch also macro off.
Comes also
!Forbidden
or||!This resource is not accessible.

In this case it is better switch macro off and browsable on ? (The last years browsable off was my default setting)

I have a rootserver, and hfs was a important part, of course i can not use old hfs before have a safe solution.
HFS 3 is not a solution for me.

If macro off is a really safe solution, it is perfect for me, i need only direct linking.

Is a easy way possible for test this vulnerability ?

4
HFS ~ HTTP File Server / Re: Warning: HFS v2.x has a severe vulnerability
« on: December 31, 2024, 04:49:22 AM »
Maybe can fix this security problem with different settings or template modification or macro deactivation ?
Maybe i am wrong, but it sounds the problem is in template and search function.

In hfs /Home Right click/properties/ deactivate Browsable
It deactivate browse page, search and other. (Files can download now only with direct link)
Probably this is not a solution, but i think the profis here know it better.

Can it help ?

Pages: 1