Has anyone come accross this error on their install of confluence? Our security metics is flagging up that the /webcart/orders/ directories are readable from the outside.
Hey Daniel!
This doesn't look like a directory that's used in the Confluence install directory on disk, or a URL that Confluence serves by default. Additionally, it looks like the error you got from your security tool mentioned CGI - Confluence is written in Java and uses Tomcat (also Java) as its application server. No CGI is involved!
Is is possible there's another application (such as webcart, which is PHP/CGI based) running on the same server or on the same subdomain that your security tool picked up on?
Cheers,
Daniel | Atlassian Support
Hi Daniel.
Many thanks for your response. I'm running a fairly vanilla VM with Windows 2016 datacenter which is hosting our install of Confluence (in a self hosted install) and that's about it.
We use the Nessus vulnerability scanner on all the web servers and this "webcart" app has been flagging up since the start of this year on the public side of our confluence server. I initially looked at the shopping cart software you mentioned too.
It's helpful to know this is not anything to do with Confluence or anything bundled with tomcat, but I can't for the life of me find where this app or folders are. But thanks for ruling this out. I'll keep looking.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hey Daniel,
I have some more info on this which I posted on this separate thread if you're interested:
https://community.atlassian.com/t5/Confluence-questions/Tomcat-Manager-in-Confluence/qaq-p/1033023?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.