Summary
Mac OS X creates a hidden file, '.FBCIndex', in each directory that has been viewed with the Finder. This file contains the content of the files present in the directory, giving an attacker information on the HTML tags, JavaScript, passwords, or any other sensitive words used inside those files.
Solution
Use a <FilesMatch> directive in httpd.conf to restrict access to 'hidden' files:
<FilesMatch '^\.'>
    # Order takes one comma-separated argument, with no space after the comma
    Order allow,deny
    Deny from all
</FilesMatch>
And restart Apache.
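To find the '.FBCIndex' files (and any other dotfiles the '^\.' pattern covers) that already sit under a document root, an audit along the following lines can be run on the server. This is an added example, not part of the original advisory; the function names and the document-root path passed in are assumptions.

```shell
#!/bin/sh
# Added example: audit a web document root for Finder index files and
# other dotfiles that the FilesMatch '^\.' directive is meant to hide.

# list_dotfiles ROOT: print every regular file under ROOT whose name
# begins with a dot (the same set the '^\.' pattern matches).
list_dotfiles() {
    find "$1" -type f -name '.*' -print
}

# count_fbcindex ROOT: print the number of .FBCIndex files under ROOT.
count_fbcindex() {
    find "$1" -type f -name '.FBCIndex' -print | wc -l | tr -d ' '
}

# audit_docroot ROOT: print one line per dotfile, tagging .FBCIndex
# separately. Returns 0 if no .FBCIndex file is present, 1 if at least
# one is, 2 if ROOT is not a directory.
audit_docroot() {
    root=$1
    if [ ! -d "$root" ]; then
        echo "not a directory: $root" >&2
        return 2
    fi
    n=$(count_fbcindex "$root")
    list_dotfiles "$root" | while IFS= read -r f; do
        case ${f##*/} in
            .FBCIndex) echo "FBCINDEX $f" ;;
            *)         echo "DOTFILE  $f" ;;
        esac
    done
    echo "$n .FBCIndex file(s) under $root"
    [ "$n" -eq 0 ]
}

# Run the audit when a document root is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_docroot "$1"
fi
```

A non-zero exit status means index files are still on disk; removing them complements the access restriction rather than replacing it.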
Severity
Classification
CVE: CVE-2001-1446
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P