Summary
Mac OS X creates a hidden file, '.DS_Store', in each directory that has been viewed with the Finder. This file contains a list of the contents of the directory, giving an attacker information on the structure and contents of your website.
Solution
Use a <FilesMatch> directive in httpd.conf to forbid retrieval of this file:
<FilesMatch '^\.[Dd][Ss]_[Ss]'>
Order allow,deny
Deny from all
</FilesMatch>
and restart Apache.
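The Order/Deny directives above are Apache 2.2 syntax; on Apache 2.4 they only work when mod_access_compat is loaded. The following added example (not part of the original advisory) applies the same pattern on either version by branching on whether mod_authz_core is present:

```apache
# Added example: block retrieval of .DS_Store on both Apache 2.2 and 2.4.
# The pattern is the one from the Solution above; it matches any file name
# that begins with ".DS_S" in either letter case.
<FilesMatch "^\.[Dd][Ss]_[Ss]">
    # Apache 2.4 and later: mod_authz_core provides the Require directive.
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2 and earlier: mod_authz_core is absent, so fall back to
    # the Order/Deny form. No whitespace is allowed after the comma.
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>
```

Run `apachectl configtest` before restarting so that a syntax error in the new block does not take the server down.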
Severity
Classification
CVE: CVE-2001-1446
CVSS Base Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P