Auto Directory Index Direct GET Request Hidden File Access
2003-02-12T00:00:00
ID OSVDB:7120 Type osvdb Reporter OSVDB Modified 2003-02-12T00:00:00
Description
Vulnerability Description
Auto Directory Index contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker directly requests a file or directory flagged as 'hidden', which will disclose the contents of the file/directory resulting in a loss of confidentiality.
Solution Description
Upgrade to version 1.0.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
Short Description
Auto Directory Index contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker directly requests a file or directory flagged as 'hidden', which will disclose the contents of the file/directory resulting in a loss of confidentiality.
{"title": "Auto Directory Index Direct GET Request Hidden File Access", "published": "2003-02-12T00:00:00", "references": [], "type": "osvdb", "enchantments": {"score": {"value": -0.1, "vector": "NONE", "modified": "2017-04-28T13:20:02", "rev": 2}, "dependencies": {"references": [], "modified": "2017-04-28T13:20:02", "rev": 2}, "vulnersScore": -0.1}, "cvelist": [], "viewCount": 0, "affectedSoftware": [{"version": "1.0.2", "name": "Auto Directory Index", "operator": "eq"}, {"version": "1.0.0", "name": "Auto Directory Index", "operator": "eq"}, {"version": "1.0.3", "name": "Auto Directory Index", "operator": "eq"}, {"version": "1.0.1", "name": "Auto Directory Index", "operator": "eq"}], "id": "OSVDB:7120", "modified": "2003-02-12T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:7120", "edition": 1, "description": "## Vulnerability Description\nAuto Directory Index contains a flaw that may lead to an unauthorized information disclosure. \u00a0The issue is triggered when a remote attacker directly requests a file or directory flagged as 'hidden', which will disclose the contents of the file/directory resulting in a loss of confidentiality.\n## Solution Description\nUpgrade to version 1.0.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nAuto Directory Index contains a flaw that may lead to an unauthorized information disclosure. \u00a0The issue is triggered when a remote attacker directly requests a file or directory flagged as 'hidden', which will disclose the contents of the file/directory resulting in a loss of confidentiality.\n## References:\nVendor URL: http://autoindex.sourceforge.net/\n[Vendor Specific Advisory URL](http://autoindex.sourceforge.net/changeLog.html)\n", "bulletinFamily": "software", "reporter": "OSVDB", "cvss": {"vector": "NONE", "score": 0.0}, "lastseen": "2017-04-28T13:20:02"}