Debian Linux httpd Vulnerability

Vulnerability ID 1105479 Vulnerability Type Configuration error
Published 1999-06-17 Updated 2007-02-08
CVE ID CVE-1999-0678 CNNVD-ID CNNVD-199901-042
Platform Linux CVSS Score 5.0
|Vulnerability Source
https://www.exploit-db.com/exploits/19253
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-199901-042
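|Vulnerability Details
A default configuration of Apache on Debian GNU/Linux that sets ServerRoot to /usr/doc is vulnerable. A remote attacker can exploit this vulnerability to read the documentation files of the entire server.
|Exploit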
source: http://www.securityfocus.com/bid/318/info


The Debian GNU/Linux 2.1 apache package by default allows anyone to view /usr/doc via the web, remotely. This is because srm.conf is preconfigured with the line:

Alias /doc/ /usr/doc/

Boa is also preconfigured this way. 


lynx http://some.host/doc

This will provide you with all of the information in /usr/doc, which could be used to find vulnerable software on the remote machine.
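An added example (not from the advisory or from Debian's packages): a Python audit that flags `Alias` directives mapping a URL onto a documentation tree that no `<Directory>` block restricts. The sample configs, the `/usr/share/doc` entry and the "Deny from all" heuristic are assumptions made for this example.

```python
import re

# Constructed sample in the style of an Apache 1.3 srm.conf; not from a real host.
SAMPLE_CONF = """\
DocumentRoot /var/www
Alias /icons/ /usr/share/apache/icons/
Alias /doc/ /usr/doc/
"""

# Same file plus an access restriction on the aliased tree (constructed).
HARDENED_CONF = SAMPLE_CONF + """\
<Directory /usr/doc>
    Order deny,allow
    Deny from all
    Allow from localhost
</Directory>
"""

DIR_OPEN = re.compile(r'<Directory\s+"?([^">]+?)"?\s*>$', re.I)
DIR_CLOSE = re.compile(r'</Directory>', re.I)
ALIAS = re.compile(r'Alias\s+(\S+)\s+"?([^"]+?)"?$', re.I)
DENY_ALL = re.compile(r'Deny\s+from\s+all$', re.I)

def norm(path):
    return path.rstrip("/") or "/"

def under(path, root):
    return root == "/" or path == root or path.startswith(root + "/")

def exposed_aliases(conf_text, sensitive=("/usr/doc", "/usr/share/doc")):
    """Return (url, target) for aliases onto a doc tree with no 'Deny from all'."""
    # Heuristic (assumption): a <Directory> block containing "Deny from all"
    # counts as restricted; Order/Allow interplay is not evaluated.
    aliases, restricted, current = [], set(), None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if (m := DIR_OPEN.match(line)):
            current = norm(m.group(1))
        elif DIR_CLOSE.match(line):
            current = None
        elif (m := ALIAS.match(line)):
            aliases.append((m.group(1), norm(m.group(2))))
        elif current and DENY_ALL.match(line):
            restricted.add(current)
    return [(u, t) for u, t in aliases
            if any(under(t, s) for s in sensitive)
            and not any(under(t, d) for d in restricted)]
```

Findings are a starting point for review: a block that denies all and then re-allows everyone would still pass this check, so confirm the effective access rules by hand.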
|References

Source: BID
Name: 318
Link: http://www.securityfocus.com/bid/318