Apache 1.3 - Directory Index Disclosure

EDB-ID:

21002


Author:

Kevin

Type:

remote


Platform:

Multiple

Date:

2001-07-10


source: https://www.securityfocus.com/bid/3009/info

A possible vulnerability exists in Apache that could cause directory contents to be disclosed when directory indexing is enabled, despite the presence of an 'index.html' file.

The problem is likely the result of an error in "multiview" functionality provided as part of Apache's content negotiation support. Exploitation of this problem may lead to the dislosure of sensitive information to attackers. 

http://target-webserver/?M=A
http://target-webserver/?S=D