|
Family: Remote file access --> Category: infos
Check for Apache Multiple / vulnerability Vulnerability Scan
Vulnerability Scan Summary Send multiple /'s to Windows Apache Server
Detailed Explanation for this Vulnerability Test
Synopsis:
It is possible to obtain the list of the contents of the remote directory.
Description :
Certain versions of Apache for Win32 have a bug wherein remote users
can list directory entries. Specifically, by appending multiple /'s
to the HTTP GET command, the remote Apache server will list all files
and subdirectories within the web root (as defined in httpd.conf).
Solution :
Upgrade to the most recent version of Apache at www.apache.org
Threat Level:
Medium / CVSS Base Score : 4
(AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:C)
Click HERE for more information and discussions on this network vulnerability scan.
|