{"vuid":"VU#913704","idnumber":"913704","name":"MandrakeSoft Mandrake Linux Apache default configuration enables directory indexing","keywords":["Linux-Mandrake","MandrakeSoft","Mandrake Linux","Apache","sample","default","index"],"overview":"The default installation of Apache on MandrakeSoft Mandrake Linux enables directory indexing on directories that may unnecessarily disclose information about the server.","clean_desc":"MandrakeSoft produces a Linux distribution called Mandrake Linux that includes the Apache web server. The default installation of Apache on Mandrake Linux enabes indexing at the root of the web server. Most of the directories of the web server are therefore browsable, and any new directories will inherit the index setting. The server may disclose directory structure, file names and locations, and possibly file contents.","impact":"Apache running on a Mandrake Linux system may disclose directory structure, file names and locations, and possibly the contents of files.","resolution":"Install Updated Package\nInstall an updated Apache package when available.","workarounds":"Disable Indexing\nDisable indexing where desired by modifying /etc/httpd/conf/httpd.conf. Note that the following example disables indexing for the entire default web site:  /var/www/ and all subdirectories. <Directory /var/www/*> Options -Indexes\n</Directory>","sysaffected":"","thanks":"The CERT Coordination Center thanks \nProCheckup Ltd\n for reporting this vulnerability.","author":"This document was written by Art Manion.","public":["h","t","t","p",":","/","/","w","w","w",".","p","r","o","c","h","e","c","k","u","p",".","c","o","m","/","v","u","l","n",".","h","t","m","l"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2001-08-03T21:12:31Z","publicdate":"2001-11-20T00:00:00Z","datefirstpublished":"2001-11-21T16:36:12Z","dateupdated":"2002-12-06T18:10:09Z","revision":18,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"1","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"7","cam_impact":"4","cam_easeofexploitation":"20","cam_attackeraccessrequired":"20","cam_scorecurrent":"0.21","cam_scorecurrentwidelyknown":"4.2","cam_scorecurrentwidelyknownexploited":"8.4","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":0.21,"vulnote":null}