Closed Bug 1090109 Opened 11 years ago Closed 11 years ago

Apache mod_negotiation filename bruteforcing

Categories

(Core :: General, defect)

33 Branch
x86_64
Windows 7
defect
Not set
normal

RESOLVED INVALID

People

(Reporter: Hiqureshi012, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0
Build ID: 20141011015303

Steps to reproduce:

mod_negotiation is an Apache module responsible for selecting the document that best matches the client's capabilities, from one of several available documents. If the client provides an invalid Accept header, the server will respond with a 406 Not Acceptable error containing a pseudo directory listing. This behaviour can help an attacker to learn more about his target, for example, generate a list of base names, generate a list of interesting extensions, look for backup files and so on.

Actual results:

This vulnerability affects Web Server.
Pattern found: <title>406 Not Acceptable</title>
CWE: CWE-538
CVSS Base Score: 5.0 - AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:W/RC:UR
Access Vector: Network
Access Complexity: Low
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: None
Availability Impact: None
Exploitability: Proof of concept code
Remediation Level: Workaround
Report Confidence: Uncorroborated

Expected results:

Possible information disclosure: directory listing, filename bruteforcing, backup files. Disable the MultiViews directive from Apache's configuration file and restart Apache. You can disable MultiViews by creating a .htaccess file containing the following line:

Options -Multiviews
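The report above hinges on whether a server's 406 page carries a mod_negotiation variant listing. The following added example (not part of the bug report or of Apache) is a self-check an administrator can run on captured responses from their own server: it parses a raw HTTP response, and reports which file names a MultiViews 406 page discloses, so the effect of "Options -MultiViews" can be verified before and after the change. Both responses are constructed samples, not real server output.

```python
import re

# Constructed sample: a 406 from mod_negotiation with MultiViews enabled,
# where the Accept header matched none of the variants for /report.
LEAKY_406 = """\
HTTP/1.1 406 Not Acceptable
Content-Type: text/html; charset=iso-8859-1

<html><head><title>406 Not Acceptable</title></head><body>
<h1>Not Acceptable</h1>
<p>An appropriate representation of the requested resource /report
could not be found on this server.</p>
Available variants:
<ul>
<li><a href="report.html">report.html</a> , type text/html</li>
<li><a href="report.pdf">report.pdf</a> , type application/pdf</li>
</ul>
</body></html>
"""

# Constructed sample: the same request after "Options -MultiViews";
# the status is still 406 but no variant list is emitted.
HARDENED_406 = """\
HTTP/1.1 406 Not Acceptable
Content-Type: text/html

<html><head><title>406 Not Acceptable</title></head><body>
<h1>Not Acceptable</h1>
</body></html>
"""

# Matches the <li><a href="..."> entries of the variant list (assumed layout).
VARIANT_RE = re.compile(r'<li><a href="([^"]+)">', re.IGNORECASE)


def parse_response(raw: str):
    """Split a raw HTTP/1.x response into (status_code, body)."""
    head, _, body = raw.partition("\n\n")
    status_line = head.splitlines()[0]
    return int(status_line.split()[1]), body


def exposed_variants(raw: str):
    """Return the file names a MultiViews 406 page discloses; [] if none."""
    code, body = parse_response(raw)
    if code != 406 or "Available variants:" not in body:
        return []
    listing = body.split("Available variants:", 1)[1]
    return VARIANT_RE.findall(listing)


def multiviews_listing_present(raw: str) -> bool:
    """True when the response is the 406 pseudo directory listing."""
    return bool(exposed_variants(raw))
```

A non-empty result on your own server's response is the condition the scanner pattern in the report is looking for; an empty one after restarting Apache confirms the workaround took effect.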
Please don't submit untested reports from vulnerability scanners. They are almost always wrong (such as this case).
Group: core-security
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → INVALID