Fix "Apache Multiviews Arbitrary Directory Listing" vulnerability in Red Hat Capsule 6.9 and later
Issue
- Apache Multiviews Arbitrary Directory Listing issue has been reported by external security scanners.
- Arbitrary directory listing exploit reported for URLs such as
https://capsule.example.com/
,https://capsule.example.com/?M=A
,https://capsule.example.com/html/
andhttps://capsule.example.com/cgi-bin/
. - Security scanners have specifically flagged CVE-2001-0731.
- VA Scan reported
QID-86445
orQID-86044
. - Browsable directories
- Directories or files are discoverable.
Environment
- Red Hat Satellite
- 6.11
- 6.12
- 6.13
- 6.14
- 6.15
- Red Hat Satellite Capsule Server
- Accessing Capsule Server using a URL with a directory path such as
/
,/html/
,/cgi-bin/
, etc.
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.