|
Family: CGI abuses --> Category: infos
MacOS X Finder reveals contents of Apache Web directories Vulnerability Scan
Vulnerability Scan Summary Checks for .DS_Store
Detailed Explanation for this Vulnerability Test
MacOS X creates a hidden file, '.DS_Store' in each directory that has
been viewed with the 'Finder'. This file contains a list of the
contents of the directory, giving a possible hacker information on the
structure and contents of your website.
Solution: Use a directive in httpd.conf to forbid
retrieval of this file:
Order allow, deny
Deny from all
and restart Apache.
Threat Level: Medium
(possibly High depending on the sensitivity of your web content)
References:
www.macintouch.com/mosxreaderreports46.html
Click HERE for more information and discussions on this network vulnerability scan.
|