CGI abuses : Netscape FastTrack 'get'

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 10156

Category: CGI abuses

Title: Netscape FastTrack 'get'

Summary: NOSUMMARY

Description: Description:
When the remote web server is
issued a request with a lower-case 'get', it will return
a directory listing even if a default page such as index.html is
present.

Example :

get / HTTP/1.0

Will return a listing of the root directory.

This allows an attacker to gain valuable information about the
directory structure of the remote host and could reveal the
presence of files which are not intended to be visible.

Solution : Upgrade your server to the latest version.

Risk factor : Medium

Cross-Ref: BugTraq ID: 481
Common Vulnerability Exposure (CVE) ID: CVE-1999-0239
http://www.osvdb.org/122
XForce ISS Database: fastrack-get-directory-list

Copyright This script is Copyright (C) 1999 Renaud Deraison

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	10156
Category:	CGI abuses
Title:	Netscape FastTrack 'get'
Summary:	NOSUMMARY
Description:	Description: When the remote web server is issued a request with a lower-case 'get', it will return a directory listing even if a default page such as index.html is present. Example : get / HTTP/1.0 Will return a listing of the root directory. This allows an attacker to gain valuable information about the directory structure of the remote host and could reveal the presence of files which are not intended to be visible. Solution : Upgrade your server to the latest version. Risk factor : Medium
Cross-Ref:	BugTraq ID: 481 Common Vulnerability Exposure (CVE) ID: CVE-1999-0239 http://www.osvdb.org/122 XForce ISS Database: fastrack-get-directory-list
Copyright	This script is Copyright (C) 1999 Renaud Deraison