Summary
By making a request to the Apache web server ending in '?M=A' it is sometimes possible to obtain a directory listing even if an index.html file is present.
It appears that it is possible to retrieve a directory listing from the root of the Apache web server being tested. However, this could be because there is no 'index.html' or similar default file present.
Solution
Unless it is required, turn off Indexing by making the appropriate changes to your httpd.conf file.
Severity
Classification
-
CVE CVE-2001-0731 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- IBM WebSphere Application Server (WAS) Security Bypass Vulnerability
- Acritum Femitter Server 1.03 Multiple Remote Vulnerabilities
- HTTP File Server Security Bypass and Denial of Service Vulnerabilities
- IBM Rational Quality Manager and Rational Test Lab Manager Tomcat Default Account Vulnerability
- IBM WebSphere Application Server (WAS) Multiple Vulnerabilities 02 - March 2011