Apache Multiviews Arbitrary Directory Listing
Issue
-
The Apache web server running on the remote host is affected by an information disclosure vulnerability. An unauthenticated, remote attacker can exploit this, by sending a crafted request, to display a listing of a remote directory, even if a valid index file exists in the directory.
-
Ports: tcp/80, tcp/8088
-
Nessus was able to exploit the issue using the following request :
http://10.159.40.17:8088/?M=A
This produced the following truncated output (limited to 10 lines) : ------------------------------ snip ------------------------------ <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> <html> <head> <title>Index of /</title> </head> <body> <h1>Index of /</h1> <table> <tr><th valign="top"><img src="/icons/blank.gif" alt="[ICO]"></th><th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a></th></tr> <tr><th colspan="5"><hr></th></tr> [...]
Environment
- Red Hat OpenStack Platform Version 9.0
- Red Hat Satellite 6
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.