Summary
The /doc directory is browsable.
/doc shows the content of the /usr/doc directory and therefore it shows which programs and - important! - the version of the installed programs.
Solution
Use access restrictions for the /doc directory.
If you use Apache you might use this in your access.conf:
<Directory /usr/doc>
AllowOverride None
order deny,allow
deny from all
allow from localhost
</Directory>
Severity
Classification
-
CVE CVE-1999-0678 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Advantech WebAccess Multiple Stack Based Buffer Overflow Vulnerabilities
- Apache Struts2 showcase namespace XSS Vulnerability
- Apache Solr XML External Entity(XXE) Vulnerability-01 Jan-14
- 11in1 Cross Site Request Forgery and Local File Include Vulnerabilities
- Apache Tomcat RemoteFilterValve Security Bypass Vulnerability