Debian 2.1 - HTTPd

EDB-ID:

19253


Author:

anonymous

Type:

remote


Platform:

Linux

Date:

1999-06-17


source: https://www.securityfocus.com/bid/318/info


The Debian GNU/Linux 2.1 apache package by default allows anyone to view /usr/doc via the web, remotely. This is because srm.conf is preconfigured with the line:

Alias /doc/ /usr/doc/

Boa is also preconfigured this way. 


lynx http://some.host/doc

This will provide you with all of the information in /usr/doc, which could be used to find vulnerable software on the remote machine.