July 27, 2001

Apache directory listing vulnerability

Author: JT Smith

From Net-security.org: "Old news: As the vulnerability's description describes, any user with
a web browser can obtain directory listing of the Apache http root
directory, even if the directory contains an index.html file and is
password protected.

New news: You can access files/directories under the http root by
subtracting the number of slashes from the appended url equal to the
number of characters in the file or directory name you are attempting
to access."


  • Linux
Click Here!