Summary
Mac OS X creates a hidden file, '.FBCIndex', in each directory that has been viewed with the Finder. This file contains the content of the files present in the directory, so an attacker who can read it learns the HTML tags, JavaScript, passwords, or any other sensitive words used inside those files.
Solution
Use a <FilesMatch> directive in httpd.conf to restrict access to 'hidden' files (names beginning with a dot):
<FilesMatch '^\.'>
# Order takes a single argument: no space after the comma
Order allow,deny
Deny from all
</FilesMatch>
Then restart Apache.
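One way to audit a server for this issue, as an added example that is not part of the original advisory: it lists dot-files such as .FBCIndex under a document root and checks whether the configuration text contains an active <FilesMatch> block that denies them. It assumes Python's re module is an acceptable stand-in for Apache's regex engine on simple patterns, and it also accepts the Apache 2.4 form `Require all denied`; it does not evaluate which virtual host or directory context a block sits in.

```python
import os
import re
import sys

# Deny-all directives: Apache 2.2 style (as on this page) and Apache 2.4 style.
DENY_RE = re.compile(r"^\s*(Deny\s+from\s+all|Require\s+all\s+denied)\s*$", re.I | re.M)
# <FilesMatch REGEX> ... </FilesMatch>, with the regex optionally quoted.
BLOCK_RE = re.compile(r"<FilesMatch\s+(['\"]?)(.+?)\1\s*>(.*?)</FilesMatch>", re.I | re.S)

# Constructed sample input: the FilesMatch block from this page.
SAMPLE_CONF = r"""<FilesMatch '^\.'>
Order allow,deny
Deny from all
</FilesMatch>
"""


def find_hidden_files(docroot):
    """Return sorted paths, relative to docroot, of dot-files such as .FBCIndex."""
    hits = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            if name.startswith("."):
                hits.append(os.path.relpath(os.path.join(dirpath, name), docroot))
    return sorted(hits)


def dotfiles_denied(conf_text, probe=".FBCIndex"):
    """True if an active <FilesMatch> block matches `probe` and denies all access."""
    # Drop comment lines so a commented-out block does not count as protection.
    active = "\n".join(l for l in conf_text.splitlines() if not l.lstrip().startswith("#"))
    for _quote, pattern, body in BLOCK_RE.findall(active):
        try:
            if re.search(pattern, probe) and DENY_RE.search(body):
                return True
        except re.error:
            continue  # pattern uses syntax Python's re does not understand
    return False


if __name__ == "__main__":
    # Usage: audit.py DOCROOT HTTPD_CONF (hypothetical script name; paths are the operator's)
    docroot, conf_path = sys.argv[1], sys.argv[2]
    with open(conf_path, encoding="utf-8", errors="replace") as fh:
        protected = dotfiles_denied(fh.read())
    for path in find_hidden_files(docroot):
        print(("denied   " if protected else "EXPOSED  ") + path)
    sys.exit(0 if protected else 1)
```

Deleting the listed .FBCIndex files from the document root removes the exposed content itself; the FilesMatch block only stops Apache from serving them.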
Severity
Classification
CVE: CVE-2001-1446
CVSS Base Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- AlienVault Open Source SIEM (OSSIM) 'timestamp' Parameter Directory Traversal Vulnerability
- Awstats Configuration File Remote Arbitrary Command Execution Vulnerability
- Allegro RomPager `Misfortune Cookie` Vulnerability
- 4Images <= 1.7.1 Directory Traversal Vulnerability
- ATutor password reminder SQL injection