Bug#649888: Hide /icons index

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#649888: Hide /icons index
From: Mathieu Parent <math.parent@gmail.com>
Date: Thu, 24 Nov 2011 16:42:44 +0100
Message-id: <[🔎] CAFX5sby9tLsZ5u-9mytdYhRFMz+OFXSSy7iuymMX+q9dBppuUQ@mail.gmail.com>
Reply-to: Mathieu Parent <math.parent@gmail.com>, 649888@bugs.debian.org

Package: apache2
Version: 2.2.21-2
Tags: security
Severity: minor

Hi,

Currently, on any Debian-based apache2, anyone can browse the /icons URL.

Anyone can see that odf6* icons are present (-> this is Debian
specific) and the date of these icons correspond to the build date.

So one can deduce the version and arch (for example "29-Sep-2011
23:00" is apache2 2.2.16-6+squeeze4 amd64)

Recommendation: remove the "Indexes" option in
'config-dir/mods-available/alias.conf' [1].

Regards

-- 
Mathieu Parent

[1]: http://anonscm.debian.org/viewvc/pkg-apache/trunk/apache2/config-dir/mods-available/alias.conf?revision=410&view=markup

Reply to:

Follow-Ups:
- Bug#649888: Hide /icons index
  - From: Stefan Fritsch <sf@sfritsch.de>

Prev by Date: Re: Let's talk about SVN management
Next by Date: Bug#649888: Hide /icons index
Previous by thread: Bug#649310: Apache serves inexistent URIs when mod_negotiation is loaded
Next by thread: Bug#649888: Hide /icons index
Index(es):
- Date
- Thread