Fix "Apache Multiviews Arbitrary Directory Listing" vulnerability in Red Hat Capsule 6.9 and later

Solution Verified - Updated -

Issue

  • Apache Multiviews Arbitrary Directory Listing issue has been reported by external security scanners.
  • Arbitrary directory listing exploit reported for URLs such as https://capsule.example.com/, https://capsule.example.com/?M=A, https://capsule.example.com/html/ and https://capsule.example.com/cgi-bin/.
  • Security scanners have specifically flagged CVE-2001-0731.
  • VA Scan reported QID-86445 or QID-86044.
  • Browsable directories
  • Directories or files are discoverable.

Environment

  • Red Hat Satellite
    • 6.11
    • 6.12
    • 6.13
    • 6.14
    • 6.15
  • Red Hat Satellite Capsule Server
  • Accessing Capsule Server using a URL with a directory path such as /, /html/, /cgi-bin/, etc.

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content