Bug#649888: Hide /icons index
Package: apache2
Version: 2.2.21-2
Tags: security
Severity: minor
Hi,
Currently, on any Debian-based apache2, anyone can browse the /icons URL.
Anyone can see that odf6* icons are present (-> this is Debian
specific) and the date of these icons correspond to the build date.
So one can deduce the version and arch (for example "29-Sep-2011
23:00" is apache2 2.2.16-6+squeeze4 amd64)
Recommendation: remove the "Indexes" option in
'config-dir/mods-available/alias.conf' [1].
Regards
--
Mathieu Parent
[1]: http://anonscm.debian.org/viewvc/pkg-apache/trunk/apache2/config-dir/mods-available/alias.conf?revision=410&view=markup
Reply to: