NI3
11-04-2003, 12:57 PM
Test ID: 11909
Category: Remote file access
Title: Apache2 double slash dir index
Summary: sends a GET // [Only registered and activated users can see links]
Description:
It is possible to obtain the listing of the content of the
remote web server root by sending the request :
GET // [Only registered and activated users can see links]
This vulnerability usually affects the default Apache
configuration which is shipped with Red Hat Linux, although
it might affect other Linux distributions or other web server.
An attacker may exploit this flaw the browse the content
of the remote web root and possibly find hidden links into it.
Solution : Use index files instead of default welcome pages
Risk Factor : Medium
Copyright: (C) 2003 Tenable Network Security
Cross-Ref: BugTraq ID: 8898
Category: Remote file access
Title: Apache2 double slash dir index
Summary: sends a GET // [Only registered and activated users can see links]
Description:
It is possible to obtain the listing of the content of the
remote web server root by sending the request :
GET // [Only registered and activated users can see links]
This vulnerability usually affects the default Apache
configuration which is shipped with Red Hat Linux, although
it might affect other Linux distributions or other web server.
An attacker may exploit this flaw the browse the content
of the remote web root and possibly find hidden links into it.
Solution : Use index files instead of default welcome pages
Risk Factor : Medium
Copyright: (C) 2003 Tenable Network Security
Cross-Ref: BugTraq ID: 8898