Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:APACHE:WEBDAV-PROPFIND |
|---|---|
Severity |
Warning |
Recommended |
No |
Category |
HTTP |
Keywords |
Apache WebDav PROPFIND Directory Disclosure |
Release Date |
2003/04/22 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Apache WebDav PROPFIND Directory Disclosure
This signature detects attempts to exploit a known vulnerability against the default configurations for Apache 1.3.12 in SuSE Linux 6.4. Attackers can use maliciously crafted WebDAV PROPFIND HTTP requests to list arbitrary directories on the affected server.
Extended Description
WebDAV (Web Distributed Authoring and Versioning) is an extension of HTTP which allows users to create, edit and share documents using the HTTP protocol. A particular REQUEST METHOD, PROPFIND, allows users to retrieve resource properties such as displayname, date last modified, and others. Apache web server as installed by SuSE 6.4 has WebDAV enabled for the entire file structure of the server. By making a specific, properly structured request to the Apache web server, it is possible to obtain information which is equivalent to a directory listing.
Affected Products
- Apache_software_foundation apache 1.3.12
- Suse linux 6.0.0
- Suse linux 6.1.0
- Suse linux 6.1.0 alpha
- Suse linux 6.2.0
- Suse linux 6.3.0
- Suse linux 6.3.0 alpha
- Suse linux 6.3.0 ppc
- Suse linux 6.4.0
- Suse linux 6.4.0 Alpha
- Suse linux 6.4.0 ppc
- Suse linux 7.0.0
References
- BugTraq: 1656
- CVE: CVE-2000-0869