Vulnerability category: Web server
Vulnerability level:
Vulnerability information
Any user from any host can obtain a list of packages installed on a S.u.S.E Version 6.3 or 6.4 system by submitting the following URL to the Web server:
http://www.example.org/doc/packages/
This vulnerability is due to a configuration in the Apache httpd.conf file (supplied with S.u.S.E) that permits anyone to request documents from this Web root sub-directory.
Impact
By exploiting this vulnerability, unauthorized users can identify which packages are installed on the vulnerable host, and then use that information to execute more complicated attacks.
Solution
Change line 801 of the Apache configuration file (/etc/httpd/httpd.conf).
The text currently reads as:
<Directory /usr/doc>
Options FollowSymLinks Indexes +Includes
AllowOverride None
</Directory>
Change this to the following:
<Directory /usr/doc>
order deny,allow
deny from all
allow from localhost
Options Indexes FollowSymLinks +Includes
AllowOverride None
</Directory>
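As an added example (not part of the original advisory), the following Python check flags Directory blocks in an httpd.conf that enable Indexes without a "deny from all" rule, and runs it over the before and after blocks shown above. The function name open_index_dirs and the embedded sample strings are constructed for illustration.

```python
import re

# Constructed samples: the "before" and "after" blocks from this advisory.
BEFORE = """\
<Directory /usr/doc>
Options FollowSymLinks Indexes +Includes
AllowOverride None
</Directory>
"""
AFTER = """\
<Directory /usr/doc>
order deny,allow
deny from all
allow from localhost
Options Indexes FollowSymLinks +Includes
AllowOverride None
</Directory>
"""

OPEN = re.compile(r'^<Directory\s+"?([^">]+)"?\s*>', re.I)
CLOSE = re.compile(r"^</Directory\s*>", re.I)

def open_index_dirs(conf_text):
    """Return (path, line_no) for each <Directory> block that enables
    Indexes and has no 'deny from all' rule inside the same block."""
    findings, path, start = [], None, 0
    indexes = denied = False
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("#"):          # Apache comments start the line
            continue
        m = OPEN.match(line)
        if m:
            path, start, indexes, denied = m.group(1).strip(), no, False, False
        elif CLOSE.match(line):
            if path is not None and indexes and not denied:
                findings.append((path, start))
            path = None
        elif path is not None:
            words = line.lower().split()
            if words[:1] == ["options"]:
                opts = words[1:]
                if not any(w[0] in "+-" for w in opts):
                    indexes = False       # absolute list replaces earlier Options
                for w in opts:
                    if w in ("indexes", "+indexes", "all"):
                        indexes = True
                    elif w in ("-indexes", "none"):
                        indexes = False
            elif words[:3] == ["deny", "from", "all"]:
                denied = True
    return findings
```

To audit a live server, pass the contents of /etc/httpd/httpd.conf to open_index_dirs; each finding gives the directory path and the line where its block starts.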