lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <008501c39c87$49855a20$f900a8c0@infinito.it>
Date: Mon, 27 Oct 2003 13:38:53 +0100
From: <tfm@....org>
To: <bugtraq@...urityfocus.com>
Subject: Root Directory Listing on RH default apache


Hello everybody

[root@...alhost root]# cat /etc/redhat-release 
Red Hat Linux release 9 (Shrike)

# Install apache from cd or the latest one rpm
[root@...alhost root]# rpm -Uvh /tmp/httpd-2.0.40-21.5.i386.rpm

==============================================
From /etc/httpd/conf/httpd.conf
# 
# Disable autoindex for the root directory, and present a
# default Welcome page if no other index page is present.
#
<LocationMatch "^/$>
    Options -Indexes
    ErrorDocument 403 /error/noindex.html
</LocationMatch>
==============================================

It's true if you made a request like

GET / HTTP/1.0

Not true if you type:

GET // HTTP/1.0

If you have a simple index.html like

<html><body></body></html>

you aren't able to see the directory listing.
Well... a little problem but out there there are
lot of people that install default RH apache and
create "secret" (not linked) directory... :)
Well that's all, bye

TfM

___________________________________
-(/tmp/think_about_this:#)-> perl -e 'print 154.998 - 154,"\n"'
0.99799999999999
-(/tmp/think_about_this:#)-> perl -e 'print 154.997 - 154,"\n"'
0.997000000000014

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ