[Snort-users] WEB-MISC httpd directory traversal

Bill Parker dogbert at ...11664...
Wed Mar 2 08:24:45 EST 2005


----- Original Message ----- 
From: "Everett Littles" <bigtony at ...3027...>
To: <Snort-users at lists.sourceforge.net>
Sent: Tuesday, March 01, 2005 8:48 PM
Subject: [Snort-users] WEB-MISC httpd directory traversal


> I've been noticing a lot of these "WEB-MISC httpd directory traversal"
> alerts.  Is this something that I should even worry about if my Apache
> is up to date (1.3.33)?  I checked the signature on this, but the
> corrective action seems pretty non-descriptive.  It just says to apply
> to vendor supplied patches.  It also does not list the affected
> systems.  Just trying to make some sense of this.

What this usually means is that in your httpd.conf, you have a 'Indexes' or
'+Indexes'
defined for areas where you are serving files.  The end result is that if a
given directory
does NOT have a index.htm, index.html, default.htm, default.html located
within it, it will
generate a directory style listing of the files within the directory (in
some cases, this can
be a VERY bad thing).  What you want to do is review the content of your web
server
and directories which are lacking a index.htm should have one added, or you
can simply
remove the 'Indexes' or '+Indexes' from the httpd.conf (make a backup of
this file before
proceeding).

Bill





More information about the Snort-users mailing list