Re: WEB-MISC httpd directory traversal

["Bill Parker" <dogbert () netnevada net>]

----- Original Message ----- 
From: "Everett Littles" <bigtony () mac com>
To: <Snort-users () lists sourceforge net>
Sent: Tuesday, March 01, 2005 8:48 PM
Subject: [Snort-users] WEB-MISC httpd directory traversal


> I've been noticing a lot of these "WEB-MISC httpd directory traversal"
> alerts.  Is this something that I should even worry about if my Apache
> is up to date (1.3.33)?  I checked the signature on this, but the
> corrective action seems pretty non-descriptive.  It just says to apply
> to vendor supplied patches.  It also does not list the affected
> systems.  Just trying to make some sense of this.

What this usually means is that in your httpd.conf, you have a 'Indexes' or
'+Indexes'
defined for areas where you are serving files.  The end result is that if a
given directory
does NOT have a index.htm, index.html, default.htm, default.html located
within it, it will
generate a directory style listing of the files within the directory (in
some cases, this can
be a VERY bad thing).  What you want to do is review the content of your web
server
and directories which are lacking a index.htm should have one added, or you
can simply
remove the 'Indexes' or '+Indexes' from the httpd.conf (make a backup of
this file before
proceeding).

Bill



-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users