GEN:SID | 1:1826 |
Message | WEB-MISC WEB-INF access |
Summary | This event is generated when an attempt is made to access the WEB-INF directory on a web server.
|
Impact | Information disclosure.
|
Detailed Information | This event is generated when an attempt is made to access the WEB-INF directory on a web server.
Multiple vendors are affected by an information disclosure issue where sensitive contents of a web application server can be revealed to an attacker by requesting the contents of this directory.
|
Affected Systems | Multiple vendors, see references.
|
Attack Scenarios | The attacker can make a simple web request for the directory that will reveal the sensitive files. The attacker can then retrieve the files for information that can be used in later attacks against the server or application.
|
Ease of Attack | Simple. Exploit software not required.
|
Corrective Action | Ensure the system is using an up to date version of the software and has had all vendor supplied patches applied.
Check the host logfiles and application logs for signs of compromise.
|
Additional References | Bugtraq: http://www.securityfocus.com/bid/1830 http://www.securityfocus.com/bid/5119
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2000-1050 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0179
|
Rule References | bugtraq: 1830
bugtraq: 5119
cve: 2000-1050
cve: 2001-0179
nessus: 11037
|