Http Vulnerability reported, Valid Directory Determination

Solution Unverified - Updated -

Issue

Hi Redhat Team,

We are currently facing vulnerability on below redhat supported version of apache.

Version : 2.2.3 Vendor: Red Hat, Inc.
Release : 63.el5_8.1

Vulnerability reported:

  1. Valid Directory Determination
    The web server allowed the verification of existing directories based on deterministic error messages returned when a default index file was not present within the requested directory. Any directory that did not contain a default index file was vulnerable. An example directory is listed below.

Please let us know how to fix this vulnerability.

Environment

Red Hat Enterprise Linux
5.7

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.