| VID |
22029 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
When the remote web server is issued with a lower-cased "get" request it will return a directory listing even if a default page such as index.html is present.
Example :
get / HTTP/1.0
Will return a listing of the root directory.
This allows an attacker to gain valuable information about the directory structure of the remote host and could reveal the presence of files which are not intended to be visible.
* References:
http://www.iss.net/security_center/static/1731.php |
| Recommendation |
Upgrade your server to the latest version. |
| Related URL |
CVE-1999-0239 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
