Common Vulnerabilities and Exposures (CVE)

An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.

Typical severity: Medium

Prerequisites: The target must be misconfigured to return a list of a directory's content when it receives a request that ends in a directory name rather than a file name. The adversary must be able to control the path that is requested of the target. The administrator must have failed to properly configure an ACL or has associated an overly permissive ACL with a particular directory. The server version or patch level must not inherently prevent known directory listing attacks from working.

Solutions: 1. Using blank index.html: putting blank index.html simply prevent directory listings from displaying to site visitors. 2. Preventing with .htaccess in Apache web server: In .htaccess, write "Options-indexes". 3. Suppressing error messages: using error 403 "Forbidden" message exactly like error 404 "Not Found" message.

An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow.

Typical severity: Very High

Prerequisites: The adversary needs at least a few minutes of physical access to a system with an open Thunderbolt port, version 3 or lower, and an external thunderbolt device controlled by the adversary with maliciously crafted software and firmware, via an SPI Programming device, to exploit weaknesses in security protections.

Solutions: Implementation: Kernel Direct Memory Access Protection Configuration: Enable UEFI option USB Passthrough mode - Thunderbolt 3 system port operates as USB 3.1 Type C interface Configuration: Enable UEFI option DisplayPort mode - Thunderbolt 3 system port operates as video-only DP interface Configuration: Enable UEFI option Mixed USB/DisplayPort mode - Thunderbolt 3 system port operates as USB 3.1 Type C interface with support for DP mode Configuration: Set Security Level to SL3 for Thunderbolt 2 system port Configuration: Disable PCIe tunneling to set Security Level to SL3 Configuration: Disable Boot Camp upon MacOS systems