| VID |
22023 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
It is possible to access arbitrary files on the remote web server by appending ~nobody/ in front of their name (as in nobody/etc/passwd).
This problem is due to a misconfiguration in your Apache server that sets UserDir to ./.
* References:
http://cgi.nessus.org/plugins/dump.php3?id=10484 |
| Recommendation |
Set UserDir to public_html/ or something else |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
