[Snort-sigs] rule documentation for WEB-MISC apache ?M=D directory list attempt

Josh.Sakofsky at ...1573...
Wed Jun 11 08:19:06 EDT 2003


Rule: WEB-MISC apache ?M=D directory list attempt

--
Sid: 1519

--
Summary: A remote user has tried to exploit a flaw in Apache that can give 
them a directory listing.

--
Impact: Medium

--
Detailed Information: When "Multiviews" are used to negotiate a directory 
index, a specially crafted URL can be used to obtain
a directory listing instead of the index page.

--
Affected Systems: Apache 1.3.11, 1.3.14, 1.3.17, 1.3.18, 1.3.19, 1.3.20

--
Attack Scenarios: An attacker can use this exploit to view sensitive 
information.

--
Ease of Attack: Trivial

--
False Positives: The presence of the string "/?M=D" within an incoming 
HTTP packet can cause this to trigger.

--
False Negatives: None Known

--
Corrective Action: Upgrade to Apache 1.3.22

--
Contributors: Original rule writer unknown.
              Josh Sakofsky
-- 
Additional References: http://www.securityfocus.com/bid/3009
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0731
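
A triage helper for the false-positive case described above, as an added example that is not part of the original post or of Snort. It assumes a true positive is a request whose target is a directory path (ending in "/") with the query M=D; the function name and the sample requests are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

NEEDLE = b"/?M=D"  # the string the documentation says triggers the rule


def triage(raw_request: bytes) -> str:
    """Classify a raw HTTP request for analyst triage of a sid 1519 alert.

    "no-match"    : string absent, the rule would not fire
    "request-uri" : a directory path was requested with query M=D
    "elsewhere"   : string only in headers, body or a non-directory URI
                    (the false-positive case in the documentation)
    """
    if NEEDLE not in raw_request:
        return "no-match"
    request_line = raw_request.partition(b"\r\n")[0]
    parts = request_line.split(b" ")
    if len(parts) != 3:  # malformed request line, leave for manual review
        return "elsewhere"
    url = urlsplit(parts[1].decode("latin-1"))
    # Assumption: M=D must be a whole query parameter on a directory path.
    params = re.split(r"[&;]", url.query)
    if url.path.endswith("/") and "M=D" in params:
        return "request-uri"
    return "elsewhere"


# Constructed sample requests (not captured traffic).
SAMPLES = {
    "listing": b"GET /docs/?M=D HTTP/1.0\r\nHost: www.example.com\r\n\r\n",
    "referer": (b"GET /index.html HTTP/1.0\r\nHost: www.example.com\r\n"
                b"Referer: http://www.example.com/docs/?M=D\r\n\r\n"),
    "body": (b"POST /search HTTP/1.0\r\nHost: www.example.com\r\n"
             b"Content-Length: 7\r\n\r\nq=/?M=D"),
    "param": b"GET /search?q=/?M=D HTTP/1.0\r\nHost: www.example.com\r\n\r\n",
    "clean": b"GET /docs/ HTTP/1.0\r\nHost: www.example.com\r\n\r\n",
}


def triage_samples() -> dict:
    return {name: triage(raw) for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in triage_samples().items():
        print(f"{name:8s} {verdict}")
```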