Summary
The /doc directory is browsable.
/doc shows the content of the /usr/doc directory and therefore it shows which programs and - important! - the version of the installed programs.
Solution
Use access restrictions for the /doc directory.
If you use Apache you might use this in your access.conf:
<Directory /usr/doc>
AllowOverride None
order deny,allow
deny from all
allow from localhost
</Directory>
Severity
Classification
-
CVE CVE-1999-0678 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Apache ActiveMQ Multiple Vulnerabilities
- Aker Secure Mail Gateway Cross-Site Scripting Vulnerability
- Adobe ColdFusion Unspecified Information Disclosure Vulnerability
- Apache Web Server ETag Header Information Disclosure Weakness
- AjaXplorer Remote Command Injection and Local File Disclosure Vulnerabilities