Block Tomcat's directory listing vulnerability with Directory and regex

Hi all,

I have been trying to block the Tomcat directory listing vulnerability
using Apache's Directory with no success.

Has anyone been able to fix that? We can't upgrade Tomcat as
recommended by the CVE, and that flaw is also present on versions above
5.5.17.

Here is the vulnerability:
http://www.securityfocus.com/bid/19106/exploit

Basically, any URL like http://foo.com/; (with a semicolon at the end)
displays the directory files.

This is what I'm trying to do:

<Directory ~ "^\;">
   AllowOverride None
   Order deny,allow
   Deny from all
   Allow from none
</Directory>

I have tried a couple of different regexes, but nothing has worked so far.

Thank you

Leo
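
The configuration below is an added example, not part of the original post. It sets the posted `<Directory>` attempt beside a URL-space rule, since `<Directory>` patterns are compared against filesystem paths while `<LocationMatch>` patterns are compared against the request URL path. It assumes Apache 2.2-style access directives (as in the post) and that Apache is the front end passing requests to Tomcat.

```apache
# Added example; assumes Apache httpd sits in front of Tomcat and uses
# 2.2-style Order/Deny access control, as in the post.

# Attempt from the post, shown commented out: <Directory> is matched
# against the filesystem path a request maps to, so a pattern on ";"
# is never compared with the request URL.
#<Directory ~ "^\;">
#    AllowOverride None
#    Order deny,allow
#    Deny from all
#</Directory>

# URL-space rule: <LocationMatch> is matched against the request URL path,
# whether or not the content lives on the local filesystem.
# ";$" matches only a path that ends in a semicolon, such as /; or /app/;
# A path such as /page.jsp;jsessionid=ABC does not end in ";" and is
# left alone, so cookie-less session URLs keep working.
<LocationMatch ";$">
    Order allow,deny
    Deny from all
</LocationMatch>
```

After a reload, a request for a path ending in `;` should return 403 from Apache, while the same path without the semicolon is served as before.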