Full Disclosure mailing list archives
Re: Erroneous Informations - Multiple directory traversal vulnerabilities in Claroline
From: Hugues Peeters <hugues.peeters () claroline net>
Date: Fri, 19 Aug 2005 22:10:05 +0200
Dear Sir, Your web site states at the address below that our application, Claroline, suffer from several security holes. http://seclists.org/lists/fulldisclosure/2005/Aug/0394.html As I have emailed to the author of this warning four days ago (see my message below), Claroline is NOT concerned by these security holes. The application affected by these problems is DOKEOS (http://www.dokeos.com), not Claroline. Dokeos is a fork of Claroline coded by another development team from nearly two years now. Could you rectify the security warnings you have published as soon as possible ? As the erroneous informations published on your site inflict serious damage on our reputation. Best regards, Hugues Peeters ---- phone : 32 (0) 10 47 85 48 e-mail : hugues.peeters () claroline net web : http://www.claroline.net ---- > Thanks a lot to have warned us of these code vulnerabilities. However > the code you have investigated is the Dokeos application code, a > Claroline fork. > > Two of the for security holes you've identified concern the 'Scorm' > module, which is a proper Dokeos development. Beside, we've tested the > other two identified security holes in our 'Document' module, we've > concluded that Claroline isn't affected by these ones. > > Thanks anyway to have notified us of these security issues. We forward > you warning mail to the concerned development staff. Don't hesitate to > contact us again if you find similar security problems in the original > Claroline application. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Erroneous Informations - Multiple directory traversal vulnerabilities in Claroline Hugues Peeters (Aug 21)