The DGC has used its cyberscan.io® software to discover thousands of websites (23,395 domains and 41,252 subdomains) affected by an already known vulnerability involving the so-called “.git directory”. In total, 6,927,416 domains and subdomains from Germany were covered by extended routine scans.
The cause is a misconfigured web server that lets unauthorized persons download files from this directory. The .git directory often contains sensitive data (e.g. source code, databases, server contents, logs, as well as various passwords and access credentials), which can thus be extracted.
Note: Due to the widespread use of Git, there are also corresponding tools to automatically detect and exploit this vulnerability. Therefore, we recommend closing this vulnerability as soon as possible.
How can affected parties find out if their .git directory is publicly accessible?
The easiest way is to use a vulnerability scanner. Our cyberscan.io® software reports this vulnerability under Vul ID 111084.
To check a domain manually, enter the domain in the browser's address bar and append the path to the .git directory (example: https://www.Meine-Domain.de/.git/HEAD).
If the request returns an error message, the path to the .git directory does not exist or has been secured. If instead you receive a response that reads, for example, “ref: refs/heads/master”, you are affected by this vulnerability and should reconfigure the web server accordingly.
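The manual check above, as an added example (not cyberscan.io® code): a small Python self-check for your own domains. It fetches `/.git/HEAD` and, unlike a plain status-code check, verifies that the body actually looks like a Git HEAD file, so a web server that answers every unknown path with a 200 “soft 404” page is not misreported as exposed.

```python
import re
import urllib.error
import urllib.request

# A real .git/HEAD is either a symbolic ref ("ref: refs/heads/<branch>")
# or, on a detached HEAD, a bare 40-hex (SHA-1) or 64-hex (SHA-256) commit id.
_HEAD_RE = re.compile(r"^(ref: refs/\S+|[0-9a-f]{40}|[0-9a-f]{64})\s*$")


def classify_head_response(status: int, body: bytes) -> str:
    """Classify the HTTP response for /.git/HEAD.

    Returns "exposed" (a genuine HEAD file was served), "not_exposed"
    (error status, e.g. 403/404) or "soft_404" (200 but not a HEAD file,
    typically a catch-all page or custom error page).
    """
    if status != 200:
        return "not_exposed"
    try:
        text = body.decode("utf-8")
    except UnicodeDecodeError:
        return "soft_404"
    return "exposed" if _HEAD_RE.match(text) else "soft_404"


def check_domain(domain: str, timeout: float = 5.0) -> str:
    """Fetch https://<domain>/.git/HEAD (HTTPS assumed) and classify it."""
    url = f"https://{domain}/.git/HEAD"
    req = urllib.request.Request(url, headers={"User-Agent": "git-exposure-selfcheck/1.0"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            # HEAD is tiny; 512 bytes is more than enough to classify it.
            return classify_head_response(resp.status, resp.read(512))
    except urllib.error.HTTPError as exc:
        return classify_head_response(exc.code, b"")
    except (urllib.error.URLError, OSError):
        return "unreachable"


if __name__ == "__main__":
    import sys
    for name in sys.argv[1:]:
        print(name, check_domain(name))
```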
Note: We contact those affected by means of an automated email so that they can close the gap as quickly as possible. Together, we are getting a little closer to our goal of making the Internet a little safer every day.
How can those affected close the vulnerability?
For this vulnerability, we have prepared a blog entry for you with the solutions for the most common web servers.