This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Exception Handling in Palo Alto Support Page 7/22/2021

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Exception Handling in Palo Alto Support Page 7/22/2021

EdwardDaga
L0 Member

‎07-22-2021 08:19 PM

Hello Palo Alto Team,

I would like to bring this up with you.

I noticed that your support page went down today 7/22/2021 and that is fine. What worries me is the way your system handles exception. I think you are exposing to much that end user like myself has no business reading.

1. No connection could be made because the target machine actively refused it 10.142.69.9:3306

Here you are exposing the private IP of your internal server and the port that it is listening to.

2. [MySqlException (0x80004005): Unable to connect to any of the specified MySQL hosts.]

You are exposing to the Internet that you are using MySQL

3. Csp.Infrastructure.Data.Persistence.Configuration.SessionSourceConfiguration.CreateSessionSource(PersistenceModel model) in C:\JenkinsWorkspace\CSP-GCP\CustomerSupportPortal\Csp.Infrastructure.Data\Persistence\Configuration\SessionSourceConfiguration.cs:36
Csp.Infrastructure.Data.Persistence.Configuration.SessionSourceConfiguration..ctor(IApplicationSettings applicationSettings, IConnectionStrings connectionStrings, IPreInsertEventListener preInsertEventListener, IPreUpdateEventListener preUpdateEventListener) in C:\JenkinsWorkspace\CSP-GCP\CustomerSupportPortal\Csp.Infrastructure.Data\Persistence\Configuration\SessionSourceConfiguration.cs:18
lambda_method(Closure , Object[] ) +134

And third you are exposing directories.

I am no web developer myself but I felt that this information are too much for most users of your support page. This could expose you to bad actors that knows what they're doing. Let's make it hard for them!....


Sincerely,

Edward T. Daga CISSP, PCNSE, CCNP

 

0 Likes Likes
1 REPLY 1

jdelio
L7 Applicator

‎07-23-2021 09:15 AM

Thank you so much for your feedback on the Support Site outage. 

I am forwarding this to them to ensure that we are limiting any exposure of this information to the general public. 

Thanks again, and this is just part of the feedback we love to hear from you.

LIVEcommunity team member
Stay Secure,
Joe
Don't forget to Like items if a post is helpful to you!
  • 2020 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks