Hello, some directories would reveal app information?

rucko24 · February 2, 2017, 12:12am

When accessing this links in the browser I get this, In my company we are very concerned about those links that lead to nothing.

https://demo.vaadin.com/dashboard/UIDL/?v-uiId=2

I really want to know if those directories or the information you show could cause my application to be vulnerable

http://my-app/VAADIN/themes/valo/fonts
http://my-app/VAADIN/themes/valo/fonts/roboto
http://my-app/VAADIN/themes/valo
http://my-app/VAADIN/themes/valo/shared
http://my-app/VAADIN/themes/valo/shared/img
http://my-app/VAADIN/widgetsets/com.vaadin.DefaultWidgetSet

http://my-app/UIDL/?v-uiId=2
http://my-app/HEARTBEAT/?v-uid=0
http://my-app/HEARTBEAT/?v-uid=1
http://my-app/HEARTBEAT/?v-uiId=1
http://my-app/AAP
http://my-app/cdn-cgi
http://my-app/cdn-cgi/images

ollit.1 · February 2, 2017, 6:31am

Hi,

it’s really just theme information (CSS files, images, etc) and the things the application uses to communicate. Nothing that you wouldn’t be able to see in the app UI anyway. The application state still stays on the server.

Best regards,
Olli

rucko24 · February 2, 2017, 2:01pm

Thanks,
For any examples of how I could redirect my users to a main error page?

Which would be more recommended? Because my app has VaadinCDIServlet, include springsecurity? would be good idea?