By making a request to the Apache web server ending in '?M=A' it is sometimes possible to obtain a directory listing even if an index.html file is present. It appears that it is possible to retrieve a directory listing from the root of the Apache web server being tested. However, this could be because there is no 'index.html' or similar default file present.
Unless it is required, turn off Indexing by making the appropriate changes to your httpd.conf file.
- IBM WebSphere Application Server Administration Directory Traversal Vulnerability
- Boa Webserver Terminal Escape Sequence in Logs Command Injection Vulnerability
- IBM WebSphere Application Server (WAS) Multiple Vulnerabilities
- Apache HTTP Server Scoreboard Security Bypass Vulnerability (Windows)
- Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities