VID 22005
Severity 30
Port 80, …
Protocol TCP
Class WWW
Detailed Description Netscape Enterprise Server 3.x and 4.x with Web Publishing enabled include a feature called Directory Indexing. This feature returns a directory listing in response to an 'INDEX' request, and could allow a remote attacker to retrieve lists of file names (such as CGI scripts) within the web directory.
It is possible to obtain a directory listing from the remote web server by issuing the request:

INDEX / HTTP/1.0

* References:
http://www.iss.net/security_center/static/5997.php
http://www.securityfocus.com/bid/2285
Recommendation As a workaround, disable Web Publishing, or disable the INDEX request (which will most likely break the Web Publishing feature).

To turn off the Directory Indexing feature via the Administration Interface:
1. Open the Administration Interface.
2. Click Content Management, Document Preferences.
3. Set Directory Indexing to None.
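A defender's check for the request described above, as an added example that is not part of the original advisory: it scans access-log lines for the INDEX method and marks which requests were answered with a listing, which is useful both for spotting past enumeration and for confirming the workaround took effect. It assumes the server writes Common Log Format; the function name, sample lines and status codes are constructed for illustration.

```python
import re
from collections import namedtuple

# Common Log Format: host ident user [time] "METHOD path PROTO" status bytes
CLF = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Za-z]+) (?P<path>\S+)(?: (?P<proto>[^"]*))?" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

Hit = namedtuple("Hit", "host time path status listing_served")


def find_index_requests(lines):
    """Return a Hit for every logged request that used the INDEX method."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        # Match on the request method only; a GET for a path named
        # "/INDEX" is ordinary traffic and must not be flagged.
        if not m or m.group("method") != "INDEX":
            continue
        status = int(m.group("status"))
        # A 2xx answer with a non-empty body means a listing was returned.
        served = 200 <= status < 300 and m.group("size") not in ("-", "0")
        hits.append(Hit(m.group("host"), m.group("time"),
                        m.group("path"), status, served))
    return hits


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2001:10:01:02 +0900] "GET /index.html HTTP/1.0" 200 1043',
    '198.51.100.7 - - [12/Mar/2001:10:02:13 +0900] "INDEX / HTTP/1.0" 200 2310',
    '198.51.100.7 - - [12/Mar/2001:10:02:15 +0900] "INDEX /cgi-bin/ HTTP/1.0" 200 812',
    '203.0.113.5 - - [12/Mar/2001:11:40:00 +0900] "INDEX / HTTP/1.0" 500 -',
    '192.0.2.10 - - [12/Mar/2001:11:41:09 +0900] "GET /INDEX HTTP/1.0" 404 210',
]

if __name__ == "__main__":
    for h in find_index_requests(SAMPLE_LOG):
        verdict = "LISTING SERVED" if h.listing_served else "rejected"
        print(f"{h.time} {h.host} INDEX {h.path} -> {h.status} ({verdict})")
```

After Directory Indexing is set to None, any INDEX line still reported as served indicates the setting did not take effect on that server instance.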
Related URL CVE-2001-0250 (CVE)
Related URL (SecurityFocus)
Related URL (ISS)