The /doc directory is browsable. /doc shows the content of the /usr/doc directory and therefore it shows which programs and - important! - the version of the installed programs.
Use access restrictions for the /doc directory. If you use Apache you might use this in your access.conf: <Directory /usr/doc> AllowOverride None order deny,allow deny from all allow from localhost </Directory>
- AjaXplorer Remote Command Injection and Local File Disclosure Vulnerabilities
- APC PowerChute Network Shutdown 'security/applet' Cross Site Scripting Vulnerability
- Adobe ColdFusion Multiple Full Path Disclosure Vulnerabilities
- AbanteCart Multiple Cross-Site Scripting Vulnerabilities
- Apache ActiveMQ 'Cron Jobs' Cross Site Scripting Vulnerability