[3913] in bugtraq


Re: extra long URL attack

daemon@ATHENA.MIT.EDU (Jyri Kaljundi)
Sat Jan 11 13:09:14 1997

Date: 	Sat, 11 Jan 1997 19:21:48 +0200
Reply-To: Jyri Kaljundi <jk@stallion.ee>
From: Jyri Kaljundi <jk@stallion.ee>
X-To:         strick -- henry strickland <strick@versant.com>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To:  <199701110643.WAA11911@gwarn.versant.com>

On Fri, 10 Jan 1997, strick -- henry strickland wrote:

> I don't know about CGI attacks, but this extra long URL to
> my site running
>         Server version Stronghold/1.3 Ben-SSL/1.3 Apache/1.1.1.
> will show you the raw contents of the top directory
> rather than the /index.html file (using Netscape Navigator 3.0 solaris
> for a browser).

This works also for standard Apache 1.1.1. One solution is to turn off
indexing in Apache config. In your access.conf file, in Options just
remove the word Indexes.

Juri Kaljundi
jk@stallion.ee
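
Added example, not part of the original message: a small Python check that scans Apache configuration text for `Options` lines that still enable directory indexing, the setting the reply above recommends removing. The sample configuration, its paths and the function name `find_indexes_enabled` are constructed for illustration; the check treats `Indexes`, `+Indexes` and `All` as enabling and does not model option inheritance between sections.

```python
import re

# Constructed sample in the style of an access.conf; all paths are placeholders.
SAMPLE_CONF = """\
# constructed sample, not from the original post
<Directory /usr/local/etc/httpd/htdocs>
Options Indexes FollowSymLinks
</Directory>
<Directory /usr/local/etc/httpd/cgi-bin>
Options ExecCGI
</Directory>
<Directory /usr/local/etc/httpd/htdocs/pub>
Options All
</Directory>
<Directory /usr/local/etc/httpd/htdocs/private>
Options -Indexes
</Directory>
"""

# Opening tag of a container section, e.g. <Directory /path> or <Location /x>
SECTION_OPEN = re.compile(r"<\s*\w+\s+(.+?)\s*>$")
# Option words that turn directory listings on ("All" includes Indexes)
ENABLING = {"indexes", "+indexes", "all"}


def find_indexes_enabled(conf_text):
    """Return (line_no, section, directive) for each Options line enabling Indexes."""
    findings, stack = [], []
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or comment
        if line.startswith("</"):
            if stack:
                stack.pop()               # leaving the current section
            continue
        opened = SECTION_OPEN.match(line)
        if opened:
            stack.append(opened.group(1).strip('"'))
            continue
        words = line.split()
        if words[0].lower() != "options":
            continue                      # some other directive
        if {w.lower() for w in words[1:]} & ENABLING:
            findings.append((line_no, stack[-1] if stack else "(server-wide)", line))
    return findings


if __name__ == "__main__":
    for line_no, section, directive in find_indexes_enabled(SAMPLE_CONF):
        print(f"line {line_no}: {section}: {directive}")
```
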
