| VID |
21603 |
| Severity |
20 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The Web server has an Web directory being identified as a user's home directory. This problem could allow a remote attacker to obtain sensitive information by accessing user profiles or shell history files.
* Note: This check searches for a user's home directory and reports if it finds these files: .login, .profile, .rhosts, .cshrc, .history, .sh_history, .bash_history. These files typically appear in a user's home directory.
* Platforms Affected:
Any HTTP server Any version
Any operating system Any version |
| Recommendation |
User's home directories should not be used as Web virtual directories. If it's configured so, re-configure the affected HTTP server so that user's home directories are not located within the Web document root directory and its child directories. |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
