Restrict access to "data/admin/users"

by helen y -
Number of replies: 1

IBM Rational AppScan 8.5.0.1 was run on my Moodle site and I got the following. Any ideas on what measures should be taken?

[1 of 1] CMME Information Disclosure
Severity: High
Test Type: Application
Vulnerable URL: https://myurl/
CVE ID(s): N/A
CWE ID(s): N/A
Remediation Tasks: Restrict access to "data/admin/users"

I tried to find "data/admin/users" but the closest I could find was the "admin/users" folder, which is found in the root Moodle directory.

Where could I find this folder, "data/admin/users"?

Will restricting access to this folder affect my site?

Thanks,

 

In reply to helen y

Re: Restrict access to "data/admin/users"

by Ken Task -

Hmmmm ... strange ... but wonder if what you ran found another app (CMME stands for Content Management Made Easy) - evidently, made easy to exploit also! ;) Maybe it's a 'false positive' reported by IBM Rational AppScan 8.5.0.1?

Is your version of Moodle the highest/most secure of the series you run?

Usually, one might find similar reference in another ... like:

http://www.cvedetails.com/vulnerability-list/vendor_id-2105/product_id-3590/

'spirit of sharing', Ken