| VID |
22142 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browsable. An attacker can use this vulnerability to browse the /perl/ directory and obtain access to sensitive system files.
* Platforms Affected: Mandrake Linux 6.1, Mandrake Linux 7.0, Mandrake Linux 7.1
* References: http://www.iss.net/security_center/static/5257.php http://online.securityfocus.com/bid/1678 |
| Recommendation |
As a workaround, add "-Indexes" to the Options directive for the /perl directory in httpd.conf or mod_perl.conf, which makes the directory non-browsable, as follows:
<Directory /perl>
    Options -Indexes
</Directory>
The configuration files are usually located at /etc/httpd/conf/httpd.conf and /etc/httpd/conf/addon-modules/mod_perl.conf, respectively.
-- OR --
For any version of Linux-Mandrake: Apply the appropriate update package for your system, as listed in MandrakeSoft Security Advisory MDKSA-2000:046, http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2000:046
For other distributions: Contact your vendor for upgrade or patch information. |
| Related URL |
CVE-2000-0883 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
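To confirm the workaround in the Recommendation is in place, the following added example (not part of the original advisory or of any vendor tool) scans Apache configuration text for Directory or Location sections on a perl path where an Options line still enables Indexes. The sample configuration is constructed, the function names are hypothetical, and option inheritance between sections is not modelled.

```python
import re

# Constructed sample: the advisory's /perl section in its browsable form,
# plus a second, already hardened section for contrast.
SAMPLE_CONF = """\
<Directory /perl>
    # listing enabled: the exposure described in the advisory
    Options Indexes ExecCGI
</Directory>
<Location /perl-status>
    Options -Indexes +ExecCGI
</Location>
"""

SECTION_OPEN = re.compile(r'<(Directory|Location)\s+"?([^">]+)"?\s*>', re.I)
SECTION_CLOSE = re.compile(r'</(Directory|Location)\s*>', re.I)
OPTIONS = re.compile(r'Options\s+(.+)', re.I)

def indexes_enabled(tokens):
    """True/False if the Options tokens set Indexes, None if they leave it alone."""
    state = None
    for tok in tokens:
        name = tok.lstrip("+-").lower()
        if name in ("indexes", "all"):   # "All" includes Indexes
            state = not tok.startswith("-")
        elif name == "none":
            state = False
    return state

def audit(conf_text, needle="perl"):
    """Return (section, path, line_no) for each Options line enabling Indexes."""
    findings, current = [], None
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = SECTION_OPEN.match(line)
        if opened:
            current = (opened.group(1).capitalize(), opened.group(2).strip())
        elif SECTION_CLOSE.match(line):
            current = None
        elif current and needle in current[1]:
            opts = OPTIONS.match(line)
            if opts and indexes_enabled(opts.group(1).split()):
                findings.append((current[0], current[1], line_no))
    return findings

if __name__ == "__main__":
    for section, path, line_no in audit(SAMPLE_CONF):
        print(f"line {line_no}: <{section} {path}> enables Indexes")
```

Run it against the contents of httpd.conf and mod_perl.conf; an empty result means no matching section turns directory listing on explicitly.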