Http Vulnerability reported, Valid Directory Determination

Solution Unverified - Updated -

Issue

Hi Redhat Team,

We are currently facing vulnerability on below redhat supported version of apache.

Version : 2.2.3 Vendor: Red Hat, Inc.
Release : 63.el5_8.1

Vulnerability reported:

  1. Valid Directory Determination
    The web server allowed the verification of existing directories based on deterministic error messages returned when a default index file was not present within the requested directory. Any directory that did not contain a default index file was vulnerable. An example directory is listed below.

Please let us know how to fix this vulnerability.

Environment

Red Hat Enterprise Linux
5.7

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content