Apache for Windows Multiple Forward Slash Directory Listing

Copyright 2000-2015 John Lampe....j_lampe@bellsouth.net

Synopsis :

It is possible to obtain the list of the contents of the remote

Description :

Certain versions of Apache for Win32 have a bug wherein remote users
can list directory entries. Specifically, by appending multiple /'s
to the HTTP GET command, the remote Apache server will list all files
and subdirectories within the web root (as defined in httpd.conf).

Solution :

Upgrade to the most recent version of Apache at www.apache.org

Risk factor :

Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.5
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 10440 (apache_slash.nasl)

Bugtraq ID: 1284

CVE ID: CVE-2000-0505

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now