W3C httpd (Formerly ‘CERN httpd’)路径泄露漏洞

漏洞信息详情

W3C httpd (Formerly ‘CERN httpd’)路径泄露漏洞

• CNNVD编号：CNNVD-200001-047
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2000-0079
  
• 漏洞类型：
  
  
  访问验证错误
  
• 发布时间：
  
  2000-01-18
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2006-08-31
  
• 厂        商：
  
  w3c
• 漏洞来源：
  First posted to Bu…

W3C CERN httpd HTTP服务器存在漏洞。远程攻击者借助不存在的URL请求确定真正路径名。

According to the W3C httpd homepage, the httpd is no longer being maintained by the W3C and has not been since July 1996.
A built-in error message in W3C httpd can be customised quite easily by a line in the httpd configuration file. For example, for the error 500 message, just add to httpd.conf:
ErrorUrl 500 /somepath/myownerrormessage.html
More information at:
http://www.w3.org/Daemon/User/Error.html
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

来源: BID
名称: 936
链接:http://www.securityfocus.com/bid/936