Nessus Plugin #10756

Plugin Index

Note: This file has been created from a downloaded version of the Nessus Plugins from http://www.nessus.org/. Therefore, the information here can be outdated.

MacOS X Finder reveals contents of Apache Web directories

Family:
CGI abuses
Category:
infos
Copyright:
This script is Copyright (C) 2001 Matt Moore
Summary:
Checks for .DS_Store
Version:
$Revision: 1.10 $
Cve_id:
-
Bugtraq_id:
3316
Xrefs:
-
Description:
MacOS X creates a hidden file, '.DS_Store' in each directory that has been viewed with the 'Finder'. This file contains a list of the contents of the directory, giving an attacker information on the structure and contents of your website.

Solution: Use a <FilesMatch> directive in httpd.conf to forbid retrieval of this file:

<FilesMatch '^\.[Dd][Ss]_[Ss]'>
Order allow, deny
Deny from all
</FilesMatch>

and restart Apache.

Risk factor : Medium
(possibly High depending on the sensitivity of your web content)

References:

www.macintouch.com/mosxreaderreports46.html
Generiert am 27.04.2005 um 18:49:54 Uhr.