Exploit RedHat Apache 2.0.40 - Directory Index Default Configuration Error

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
23296
Проверка EDB
  1. Пройдено
Автор
TFM
Тип уязвимости
REMOTE
Платформа
LINUX
CVE
cve-2003-1138
Дата публикации
2003-10-27
Код:
source: https://www.securityfocus.com/bid/8898/info

The Red Hat Apache configuration may allow an attacker to view directory listings. The problem is reported to present itself when an attacker issues an HTTP GET request to a vulnerable server containing '//' characters, evading the rule desgined to prevent Apache from displaying directory listings with a request for '/'. The server is reported to disclose directory listings even when autoindex for the root directory has been disabled and a default welcome page is supposed to be displayed.

Successful exploits will disclose sensitive information that may be useful in further attacks against the system.

This problem has been reported to exist in Apache 2.0.40 shipped with Red Hat Linux 9.0. Other versions may be affected as well. 

http://ip_address:port//
 
Источник
www.exploit-db.com

Похожие темы