Web Servers : Apache HTTP Server Multiple '/' Vulnerability

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.10440

Categoría: Web Servers

Título: Apache HTTP Server Multiple '/' Vulnerability

Resumen: Certain versions of Apache HTTP Server for Win32 have a; bug wherein remote users can list directory entries.

Descripción: Summary:
Certain versions of Apache HTTP Server for Win32 have a
bug wherein remote users can list directory entries.

Vulnerability Insight:
Specifically, by appending multiple /'s to the HTTP GET
command, the remote Apache server will list all files and subdirectories within the web
root (as defined in httpd.conf).

Solution:
Update to the most recent version of Apache HTTP Server.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Referencia Cruzada: BugTraq ID: 1284
Common Vulnerability Exposure (CVE) ID: CVE-2000-0505
http://www.securityfocus.com/bid/1284
Bugtraq: 20000603 Re: IBM HTTP SERVER / APACHE (Google Search)
http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.BSF.4.20.0006031912360.45740-100000@alive.znep.com
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E
XForce ISS Database: ibm-http-file-retrieve(4575)
https://exchange.xforce.ibmcloud.com/vulnerabilities/4575

Copyright Copyright (C) 2000 John Lampe

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.10440
Categoría:	Web Servers
Título:	Apache HTTP Server Multiple '/' Vulnerability
Resumen:	Certain versions of Apache HTTP Server for Win32 have a; bug wherein remote users can list directory entries.
Descripción:	Summary: Certain versions of Apache HTTP Server for Win32 have a bug wherein remote users can list directory entries. Vulnerability Insight: Specifically, by appending multiple /'s to the HTTP GET command, the remote Apache server will list all files and subdirectories within the web root (as defined in httpd.conf). Solution: Update to the most recent version of Apache HTTP Server. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	BugTraq ID: 1284 Common Vulnerability Exposure (CVE) ID: CVE-2000-0505 http://www.securityfocus.com/bid/1284 Bugtraq: 20000603 Re: IBM HTTP SERVER / APACHE (Google Search) http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.BSF.4.20.0006031912360.45740-100000@alive.znep.com https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E XForce ISS Database: ibm-http-file-retrieve(4575) https://exchange.xforce.ibmcloud.com/vulnerabilities/4575
Copyright	Copyright (C) 2000 John Lampe