Apache for Windows Multiple Forward Slash Directory Listing

Copyright 2000-2012 John Lampe....j_lampe@bellsouth.net


Synopsis :

It is possible to obtain a listing of the contents of a directory on
the remote web server.

Description :

Certain versions of Apache for Win32 have a bug that lets remote users
list directory entries. Specifically, when multiple '/' characters are
appended to the path of an HTTP GET request, the remote Apache server
lists all files and subdirectories within the web root (as defined in
httpd.conf).

Solution :

Upgrade to the most recent version of Apache at www.apache.org
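
To review existing access logs for the request pattern described above, the following added Python example (not part of the Nessus plugin or the original page) flags GET requests whose path contains a long run of '/' characters. The threshold, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Assumption: the page gives no slash count, so this threshold is a tunable guess.
SLASH_RUN_THRESHOLD = 8

# Common/Combined Log Format prefix: host ident user [time] "request" status size
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: HTTP/[\d.]+)?" '
    r'(?P<status>\d{3}) (?:\d+|-)'
)

def longest_slash_run(target):
    """Longest run of '/' in the percent-decoded path (query string ignored)."""
    path = unquote(target.split("?", 1)[0])
    return max((len(run) for run in re.findall(r"/+", path)), default=0)

def find_slash_requests(lines, threshold=SLASH_RUN_THRESHOLD):
    """Group GET requests with a long slash run by client address."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "GET":
            continue
        run = longest_slash_run(m["target"])
        if run >= threshold:
            # A 200 here deserves review: the server answered with content.
            hits[m["host"]].append(
                {"time": m["time"], "run": run, "status": int(m["status"])}
            )
    return dict(hits)

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Jun/2000:13:55:36 +0000] "GET /index.html HTTP/1.0" 200 2326',
    '198.51.100.7 - - [10/Jun/2000:13:56:01 +0000] "GET /' + "/" * 19 + ' HTTP/1.0" 200 5120',
    '198.51.100.7 - - [10/Jun/2000:13:56:04 +0000] "GET /cgi-bin' + "/" * 12 + ' HTTP/1.0" 403 210',
    '192.0.2.10 - - [10/Jun/2000:13:57:12 +0000] "GET /search?q=' + "/" * 12 + ' HTTP/1.0" 200 880',
    '203.0.113.5 - - [10/Jun/2000:13:58:40 +0000] "GET /docs//readme.txt HTTP/1.0" 200 1024',
]

if __name__ == "__main__":
    for host, reqs in find_slash_requests(SAMPLE_LOG).items():
        for r in reqs:
            print(f"{host} {r['time']} slashes={r['run']} status={r['status']}")
```

Entries with status 200 are the ones to follow up first, since on an affected server that response may have been a directory listing.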

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 4.5
(CVSS2#E:F/RL:W/RC:ND)
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 10440 (apache_slash.nasl)

Bugtraq ID: 1284

CVE IDs: CVE-2000-0505, CVE-2001-0729