Nessus Plugin #10756
Note: This file has been created from a downloaded version of the Nessus Plugins from http://www.nessus.org/. Therefore, the information here can be outdated.
MacOS X Finder reveals contents of Apache Web directories
- Family: CGI abuses
- Category: infos
- Copyright: This script is Copyright (C) 2001 Matt Moore
- Summary: Checks for .DS_Store
- Version: $Revision: 1.10 $
- Cve_id: -
- Bugtraq_id: 3316
- Xrefs: -
- Description: MacOS X creates a hidden file, '.DS_Store', in each directory that has been viewed with the 'Finder'. This file contains a list of the contents of the directory, giving an attacker information on the structure and contents of your website.
Solution: Use a <FilesMatch> directive in httpd.conf to forbid retrieval of this file:
<FilesMatch '^\.[Dd][Ss]_[Ss]'>
Order allow,deny
Deny from all
</FilesMatch>
and restart Apache.
Risk factor : Medium
(possibly High depending on the sensitivity of your web content)
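As an added example (not part of the Nessus plugin or of the original page), the Python script below audits a web document root for leftover .DS_Store files and checks each file name against the FilesMatch pattern from the solution above. The function names and the sample directory tree are constructed for illustration.

```python
import os
import re
import tempfile

# Pattern copied from the <FilesMatch> directive on this page.
FILESMATCH = re.compile(r"^\.[Dd][Ss]_[Ss]")


def blocked_by_filesmatch(filename):
    """True if the page's FilesMatch pattern would apply to this file name."""
    return FILESMATCH.search(filename) is not None


def find_ds_store(docroot):
    """Return sorted paths (relative to docroot) of Finder metadata files."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(docroot):
        for name in filenames:
            if name.lower() == ".ds_store":
                full = os.path.join(dirpath, name)
                hits.append(os.path.relpath(full, docroot))
    return sorted(hits)


def build_sample_docroot(base):
    """Create a constructed sample tree (hypothetical, not from the page)."""
    for rel in ("index.html", ".DS_Store", "img/.DS_Store",
                "img/logo.png", "docs/.ds_store"):
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"")
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel in find_ds_store(build_sample_docroot(tmp)):
            covered = blocked_by_filesmatch(os.path.basename(rel))
            print(f"{rel}: remove before deploy "
                  f"(FilesMatch covers it: {covered})")
```

Point find_ds_store at the real document root to list the files to delete before content is published.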
References:
www.macintouch.com/mosxreaderreports46.html
Generated on 27.04.2005 at 18:49:54.