Netscape FastTrack get Command Forced Directory Listing
Medium Nessus Plugin ID 10156
SynopsisThe remote web server is vulnerable to an information disclosure attack.
DescriptionWhen the remote web server is issued a request with a lower-case 'get', it will return a directory listing even if a default page such as index.html is present. For example :
get / HTTP/1.0
will return a listing of the root directory.
This allows an attacker to gain valuable information about the directory structure of the remote host and could reveal the presence of files that are not intended to be visible.
SolutionUpgrade the server to the latest version.