www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Kenney <kenney_m...@prc.com>
Subject general/4837: Directory viewing not disabled through Alias
Date Mon, 09 Aug 1999 16:16:49 GMT

>Number:         4837
>Category:       general
>Synopsis:       Directory viewing not disabled through Alias
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Mon Aug  9 09:20:00 PDT 1999
>Last-Modified:
>Originator:     kenney_mark@prc.com
>Organization:
apache
>Release:        1.3.3
>Environment:
HP-UX proweb1 B.10.20 A 9000/800 2008005343
>Description:
With the "Option Indexes" turned off (not specified) in access.conf regular 
directories are not viewable, as intended.  However, with the "Options Indexes" 
turned off directories that are Aliased (set up using "Alias" in srm.conf) 
are still viewable.  Definitely seems like a security issue to me, I don't 
want my users to be able to view that directory.
>How-To-Repeat:

>Fix:

>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, you need]
[to include <apbugs@Apache.Org> in the Cc line and make sure the]
[subject line starts with the report component and number, with ]
[or without any 'Re:' prefixes (such as "general/1098:" or      ]
["Re: general/1098:").  If the subject doesn't match this       ]
[pattern, your message will be misfiled and ignored.  The       ]
["apbugs" address is not added to the Cc line of messages from  ]
[the database automatically because of the potential for mail   ]
[loops.  If you do not include this Cc, your reply may be ig-   ]
[nored unless you are responding to an explicit request from a  ]
[developer.  Reply only with text; DO NOT SEND ATTACHMENTS!     ]




Mime
View raw message