/doc Directory Browsable ? Network Vulnerability

Summary

The /doc directory is browsable. /doc shows the content of the /usr/doc directory and therefore it shows which programs and - important! - the version of the installed programs.

Solution

Use access restrictions for the /doc directory. If you use Apache you might use this in your access.conf: <Directory /usr/doc> AllowOverride None order deny,allow deny from all allow from localhost </Directory>

Severity

Classification

CVE CVE-1999-0678

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Apache Struts Directory Traversal Vulnerability
AfterLogic WebMail Pro Multiple Cross Site Scripting Vulnerabilities
Apache Struts Cross Site Scripting Vulnerability
Apache Tomcat DOS Device Name XSS
Apache Tomcat Information Disclosure Vulnerability

/doc directory browsable ?

Take action and discover your vulnerabilities