[10746] in bugtraq
Netscape Fasttrack 3.01 allows directory listing
daemon@ATHENA.MIT.EDU (=?iso-8859-1?Q?Jes=FAs_L=F3pez_de_)
Tue Jun 8 13:13:44 1999
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: QUOTED-PRINTABLE
Message-Id: <002c01beb0c4$055bbf50$0100a8c0@acccomunicacion.es>
Date: Mon, 7 Jun 1999 10:59:15 +0200
Reply-To: =?iso-8859-1?Q?Jes=FAs_L=F3pez_de_Aguileta?= <jesus.la@ACC-COMUNICACION.ES>
From: =?iso-8859-1?Q?Jes=FAs_L=F3pez_de_Aguileta?= <jesus.la@ACC-COMUNICACION.ES>
To: BUGTRAQ@NETSPACE.ORG
Hi all,
I recently have downloaded a trial version of Fasttrack server (3.01) f=
or NT
According to Netscape documentation:
----8<------------------------8<-------------------8<---
Specifying index filenames
If a document name is not specified in the URL,
and the server finds a file with this name in a
document directory, it assumes that file is the
index file. The server automatically displays this
file when no specific file is requested. The defaults
are index.html and home.html. If more than
one name is specified, the server looks in the
order in which the names you specified appear
until one is found. For example, if your index
filenames are index.html, home.html, the
server first looks for index.html, and if the
server doesn't find it, then the server looks for
home.html.
------8<--------------8<---------------8<--------------------
Well, having this configuration:
Index Filenames: index.html
Directory indexing: fancy or simple
and HAVING a index.html file in root directory
if you telnet to default httpd port and type:
get / (lowercase)
You will get a directory listing of the root directory.
Workaround: Disable directory listing.
Netscape has been notified.
Regards,
Jes=FAs L=F3pez de Aguileta
Eunate Net
jesus.la@acc-comunicacion.es
