Auto Directory Index Direct GET Request Hidden File Access

2003-02-12T00:00:00
ID OSVDB:7120
Type osvdb
Reporter OSVDB
Modified 2003-02-12T00:00:00

Description

Vulnerability Description

Auto Directory Index contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when a remote attacker directly requests a file or directory flagged as 'hidden', which will disclose the contents of the file/directory resulting in a loss of confidentiality.

Solution Description

Upgrade to version 1.0.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Auto Directory Index contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when a remote attacker directly requests a file or directory flagged as 'hidden', which will disclose the contents of the file/directory resulting in a loss of confidentiality.

References:

Vendor URL: http://autoindex.sourceforge.net/ Vendor Specific Advisory URL