Hi All; I just tried this on a bunch of RAQ3's, a RAQ 4 and a Qube3 and 2 Windows 2000 Pro's running the latest Apache server and I did not get the reported Apache Bug This could be for much older versions or ones that the conf files have been tweak too much.... ---> >From Bugtrack on Apache A configuration bug has been discovered in Apache web server, where a remote user is able to view a list content of a directory even though the directory has an index.html file. The vulnerability allows an attacker knowledge that is considered sensitive. It appears that under some circumstances, Apache will serve a directory listing even if there is an index.html (or other valid "index document") in the directory. This is triggered by a request for: http://www.example.com/?M=A Solution: Turning off indexing in the httpd.conf file will keep Apache from doing this. There is no real reason not to turn off indexing as a global option if you have an index.html file in every directory. --> The Link in Question http://www.securiteam.com/unixfocus/5UP0C154VK.html . ---> My Sig!! Franklin S. Werren, [EMAIL PROTECTED] www.bagpipes.net Modem Madness Ringmaster at www.madbbs.com/webring/ ICQ 8556386 or fswerren46 on AOL's IM or fswerren46 for MSN Messenger Frank's Radio, P.O. Box 990, Sherman NY 14781-0990 www.franksradio.net For the best ISP in Chautauqua County NY and North West Pa go to www.madbbs.com They treat you right. _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
