|Title:||Netscape FastTrack 'get'|
When the remote web server is
issued a request with a lower-case 'get', it will return
a directory listing even if a default page such as index.html is
get / HTTP/1.0
Will return a listing of the root directory.
This allows an attacker to gain valuable information about the
directory structure of the remote host and could reveal the
presence of files which are not intended to be visible.
Solution : Upgrade your server to the latest version.
Risk factor : Medium
BugTraq ID: 481|
Common Vulnerability Exposure (CVE) ID: CVE-1999-0239
XForce ISS Database: fastrack-get-directory-list
|Copyright||This script is Copyright (C) 1999 Renaud Deraison|
|This is only one of 73533 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.