VID 22084
Severity 30
Port 80, ...
Protocol TCP
Class WWW
Detailed Description In Red Hat Stronghold versions 2.3 up to 3.0, a flaw allows a remote attacker to disclose sensitive system files, including the httpd.conf file, if access to the server status report is not restricted when those features are in use. A malicious user viewing this information may be able to use it to stage further attacks on the server.
Red Hat Stronghold Secure Web Server is a web server based on the Apache source and designed to be robust and secure.

By trying the following URLs, an attacker can gather sensitive information:
http://target/stronghold-info
http://target/stronghold-status

These URLs are not enabled in the default installation, but please test whether this attack can be performed after a default installation.
Recommendation This problem has been patched in build 3015 of Stronghold.

The Stronghold Administration guide suggests making the following changes to httpd.conf to deny access to outside parties:

1) Locate the following container in httpd.conf:
<Location /stronghold-status>
SetHandler server-status
</Location>

2) Add the following inside the container:
order deny,allow
deny from all
allow from .your.domain
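
To confirm the restriction is in place on every status or info container, a configuration audit can be run over httpd.conf. The script below is an added example, not taken from the Stronghold Administration guide; it assumes /stronghold-info is served by Apache's standard server-info handler, and the sample configuration is constructed for illustration.

```python
import re

# Constructed httpd.conf fragment for illustration (not from a real server).
SAMPLE_CONF = """\
<Location /stronghold-status>
SetHandler server-status
</Location>
<Location /stronghold-info>
SetHandler server-info
order deny,allow
deny from all
allow from .your.domain
</Location>
#<Location /old-status>
#SetHandler server-status
#</Location>
"""

# Assumption: /stronghold-info uses Apache's standard mod_info handler name.
SENSITIVE_HANDLERS = {"server-status", "server-info"}
LOCATION_RE = re.compile(r"<Location\s+([^>]+?)\s*>(.*?)</Location\s*>", re.I | re.S)


def directives(body):
    """Return (name, args) pairs, lower-cased with whitespace normalised."""
    pairs = []
    for line in body.splitlines():
        parts = line.split(None, 1)
        if parts:
            args = parts[1] if len(parts) > 1 else ""
            pairs.append((parts[0].lower(), " ".join(args.lower().split())))
    return pairs


def unrestricted_locations(conf_text):
    """Paths of status/info containers missing 'order deny,allow' + 'deny from all'."""
    # Drop commented-out lines first so disabled containers are not reported.
    live = "\n".join(l for l in conf_text.splitlines() if not l.lstrip().startswith("#"))
    findings = []
    for path, body in LOCATION_RE.findall(live):
        items = directives(body)
        sensitive = any(n == "sethandler" and a in SENSITIVE_HANDLERS for n, a in items)
        ordered = any(n == "order" and a.replace(" ", "") == "deny,allow" for n, a in items)
        denied = any(n == "deny" and a == "from all" for n, a in items)
        if sensitive and not (ordered and denied):
            findings.append(path.strip('"'))
    return findings


if __name__ == "__main__":
    print(unrestricted_locations(SAMPLE_CONF))
```
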
Related URL CVE-2001-0868 (CVE)
Related URL 3577 (SecurityFocus)
Related URL 7582 (ISS)