Http Vulnerability reported, Valid Directory Determination
Issue
Hi Redhat Team,
We are currently facing vulnerability on below redhat supported version of apache.
Version : 2.2.3 Vendor: Red Hat, Inc.
Release : 63.el5_8.1
Vulnerability reported:
- Valid Directory Determination
The web server allowed the verification of existing directories based on deterministic error messages returned when a default index file was not present within the requested directory. Any directory that did not contain a default index file was vulnerable. An example directory is listed below.
Please let us know how to fix this vulnerability.
Environment
Red Hat Enterprise Linux
5.7
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.