[BlueOnyx:11121] /icons/: Directory indexing found

Richard Barker rc at probass.com
Wed Aug 8 12:18:42 PET 2012


How does one turn this off?

TCP     443     http
Title: Web server vulnerability Impact: /icons/: Directory indexing 
found. Risk Factor: High/ CVSS2 Base Score: 10.0 CVE: CVE-1999-0569 
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0569

TCP     80     http
Title: Web server vulnerability Impact: /icons/: Directory indexing 
found. Risk Factor: High/ CVSS2 Base Score: 10.0 CVE: CVE-1999-0569 
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0569

Found this in the httpd.conf
Alias /icons/ "/var/www/icons/"

<Directory "/var/www/icons">
     Options Indexes MultiViews
     AllowOverride None
     Order allow,deny
     Allow from all
</Directory>
#
# AddIcon* directives tell the server which icon to show for different
# files or filename extensions.  These are only displayed for
# FancyIndexed directories.
#
AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip

AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*

AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core

AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^


Thank you in advance,
RC


-- 
+---------------------------------------------+
  Richard C. Barker Sr.
  
+---------------------------------------------+




More information about the Blueonyx mailing list