| VID |
14064 |
| Severity |
40 |
| Port |
22 |
| Protocol |
TCP |
| Class |
LSC |
| Detailed Description |
Apache Web Server allows access to file system besides web documents. this can be serious security problems. for example, if system's root direcoty(/) is linked, all file system' file can be accessed with the permission of the user who runs Web server.
* Platforms Affected:
UNIX, Linux |
| Recommendation |
Open httpd.conf and delete 'FollowSymLinks' options
# vi httpd.conf
<Directory />
Options FollowSymLinks <- delete
AllowOverride None
</Directory> |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
