[BlueOnyx:11123] Re: /icons/: Directory indexing found
Michael Stauber
mstauber at blueonyx.it
Wed Aug 8 12:32:23 -05 2012
Hi Richard,
> TCP 443 http
> Title: Web server vulnerability Impact: /icons/: Directory indexing
> found. Risk Factor: High/ CVSS2 Base Score: 10.0 CVE: CVE-1999-0569
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0569
>
> TCP 80 http
> Title: Web server vulnerability Impact: /icons/: Directory indexing
> found. Risk Factor: High/ CVSS2 Base Score: 10.0 CVE: CVE-1999-0569
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0569
>
> Found this in the httpd.conf
> Alias /icons/ "/var/www/icons/"
>
> <Directory "/var/www/icons">
> Options Indexes MultiViews
> AllowOverride None
> Order allow,deny
> Allow from all
> </Directory>

I just tried http://server.name/icons/ on a BlueOnyx and I get a "The
requested URL was not found on this server." I then tried
http://www.vsite.com/icons/ and get the same.

So this doesn't apply to BlueOnyx.

I then checked Aventurin{e} 6105R and 6106R and there the /icons/
directory is browseable. I wouldn't exactly agree that a directory
traversal of the /icons/ directory is a vulnerability (as it is
non-exploitable). But I'll publish a fix to YUM that'll place an
index.html into these directories.

--
With best regards
Michael Stauber
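
An added example, not part of the original message and not BlueOnyx code: a small Python check that reads Apache configuration text and lists the `<Directory>` blocks in which an `Options` directive leaves `Indexes` enabled, as in the block quoted from the scan report. The sample configuration is constructed and the function names are hypothetical; inheritance from parent directories and `.htaccess` overrides is not modelled.

```python
import re

# Constructed sample: the block quoted in the report plus two variants.
SAMPLE_CONF = '''
Alias /icons/ "/var/www/icons/"
<Directory "/var/www/icons">
    Options Indexes MultiViews
    AllowOverride None
</Directory>
<Directory "/var/www/icons-fixed">
    Options MultiViews
</Directory>
<Directory "/var/www/merged">
    Options +Indexes
    Options -Indexes
</Directory>
'''

OPEN = re.compile(r'^<Directory\s+"?([^">]+)"?\s*>$', re.I)

def apply_options(tokens, current):
    """Return the Indexes state after one Options directive."""
    lowered = [t.lower() for t in tokens]
    if any(not t.startswith(("+", "-")) for t in lowered):
        # An unprefixed list replaces earlier options; "All" includes Indexes.
        return "indexes" in lowered or "all" in lowered
    if "+indexes" in lowered:
        return True
    if "-indexes" in lowered:
        return False
    return current

def find_listable_dirs(conf_text):
    """Paths of <Directory> blocks that explicitly end with Indexes on."""
    flagged, path, state = [], None, False
    for raw in conf_text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        m = OPEN.match(raw.strip())
        if m:
            path, state = m.group(1).rstrip("/"), False
        elif words[0].lower() == "</directory>":
            if state and path is not None:
                flagged.append(path)
            path, state = None, False
        elif path is not None and words[0].lower() == "options":
            state = apply_options(words[1:], state)
    return flagged

if __name__ == "__main__":
    print(find_listable_dirs(SAMPLE_CONF))
```

A flagged directory only produces a listing when it holds no index file, which is why placing an index.html into it also stops the scanner finding.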