| VID |
22227 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The Apache web server has a directory listing vulnerability via a double slash. By using double slash characters (//) in a URL request, a remote attacker could obtain the listing of the content of the web root directory on the affected Web server. This vulnerability usually affects the default Apache configuration which is shipped with Red Hat Linux, although it might affect other Linux distributions or other web server. An attacker may exploit this flaw the browse the content of the affected web root and possibly find hidden links into it.
* References:
http://www.securityfocus.com/archive/1/342578
* Platforms Affected:
Apache HTTP server 2.x
Red Hat Linux |
| Recommendation |
Use index files instead of default Welcome pages. |
| Related URL |
CVE-2003-1138 (CVE) |
| Related URL |
8898 (SecurityFocus) |
| Related URL |
(ISS) |
|
