source: https://www.securityfocus.com/bid/8898/info
The Red Hat Apache configuration may allow an attacker to view directory listings. The problem is reported to present itself when an attacker issues an HTTP GET request containing '//' characters to a vulnerable server, evading the rule designed to prevent Apache from displaying directory listings in response to a request for '/'. The server is reported to disclose directory listings even when autoindex for the root directory has been disabled and a default welcome page is supposed to be displayed.
Successful exploits will disclose sensitive information that may be useful in further attacks against the system.
This problem has been reported to exist in Apache 2.0.40 shipped with Red Hat Linux 9.0. Other versions may be affected as well.
http://ip_address:port//
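
A configuration check for the condition described above, added here as an example and not part of the original advisory. It assumes the rule is a LocationMatch block whose regular expression is anchored to exactly one slash; the advisory does not name the directive, and the sample configuration and the function name audit_root_rules are constructed for illustration.

```python
import re

# Constructed sample config (not taken from the advisory): an assumed rule of
# the kind described, plus a variant that tolerates repeated slashes.
SAMPLE_CONF = '''
<LocationMatch "^/$">
    Options -Indexes
    ErrorDocument 403 /error/noindex.html
</LocationMatch>
<LocationMatch "^/+$">
    Options -Indexes
    ErrorDocument 403 /error/noindex.html
</LocationMatch>
'''

BLOCK_RE = re.compile(
    r'<LocationMatch\s+"?([^">]+)"?\s*>(.*?)</LocationMatch>',
    re.IGNORECASE | re.DOTALL)
NOINDEX_RE = re.compile(r'^\s*Options\b.*-Indexes\b',
                        re.IGNORECASE | re.MULTILINE)

# Equivalent spellings of the site root that a rule for '/' should also cover.
ROOT_VARIANTS = ["//", "///"]

def audit_root_rules(conf_text):
    """Return [(pattern, missed_paths)] for index-disabling LocationMatch
    rules that match '/' but miss repeated-slash forms of the same root."""
    findings = []
    for pattern, body in BLOCK_RE.findall(conf_text):
        if not NOINDEX_RE.search(body):
            continue  # block does not turn directory indexes off
        try:
            rx = re.compile(pattern)
        except re.error:
            continue  # syntax Python's re cannot parse; review by hand
        if not rx.search("/"):
            continue  # rule is not about the root URL
        missed = [p for p in ROOT_VARIANTS if not rx.search(p)]
        if missed:
            findings.append((pattern, missed))
    return findings

if __name__ == "__main__":
    for pattern, missed in audit_root_rules(SAMPLE_CONF):
        print(f"rule {pattern!r} does not cover: {', '.join(missed)}")
```

On the sample, only the "^/$" rule is reported; the "^/+$" form covers the repeated-slash requests as well.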