Summary
MacOS X creates a hidden file, '.DS_Store', in each directory that has been viewed with the 'Finder'. This file contains a list of the contents of the directory, giving an attacker information on the structure and contents of your website.
Solution
Use a <FilesMatch> directive in httpd.conf to forbid retrieval of this file:
<FilesMatch '^\.[Dd][Ss]_[Ss]'>
Order allow,deny
Deny from all
</FilesMatch>
and restart Apache.
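The FilesMatch rule blocks retrieval but leaves the files in the tree. The script below is an added example, not part of the original advisory: it lists and removes files matching the same name pattern from a copy of the document root. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a document root for Finder metadata files.
# The -name glob mirrors the advisory's FilesMatch pattern ^\.[Dd][Ss]_[Ss]
# (any file name starting with ".DS_S", in either case).

# Print every regular file under DOCROOT that the FilesMatch block would cover.
list_ds_store() {
    find "$1" -type f -name '.[Dd][Ss]_[Ss]*' -print | sort
}

# Count them; a clean tree reports 0.
count_ds_store() {
    list_ds_store "$1" | wc -l | tr -d ' '
}

# Delete them from the tree and print the number removed.
purge_ds_store() {
    n=$(count_ds_store "$1")
    find "$1" -type f -name '.[Dd][Ss]_[Ss]*' -exec rm -f {} +
    echo "$n"
}

# Build a small constructed tree for demonstration (all paths are made up).
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/img" "$root/admin"
    : > "$root/index.html"
    : > "$root/.DS_Store"
    : > "$root/img/.DS_Store"
    : > "$root/admin/.ds_store"
    : > "$root/img/DS_Store.txt"   # no leading dot, must not match
    echo "$root"
}

# Stand-alone use: pass the document root as the first argument.
if [ "$#" -gt 0 ]; then
    list_ds_store "$1"
    echo "found: $(count_ds_store "$1")"
fi
```

Run the listing before each deployment; a non-zero count means Finder metadata has reached the published tree.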
Severity
Classification
CVE: CVE-2001-1446
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P