GEN:SID | 1:1374 |
Message | WEB-MISC .htgroup access |
Summary | Attempted .htgroup access via web
|
Impact | Attempt to gain information on group access permissions on a webserver
|
Detailed Information | This is an attempt to gain intelligence on the user and administration groups used on a webserver. The .htgroup file lists the groups allowed to access resources on a webserver. The attacker could possibly gain information needed for other attacks on the host.
|
Affected Systems | |
Attack Scenarios | The attacker can make a standard HTTP request that contains '.htgroup'in the URI.
|
Ease of Attack | Simple HTTP request.
|
Corrective Action | Webservers should not be allowed to view or execute files and binaries outside of it's designated web root or cgi-bin. Disallowing viewing of this file via a URI is suggested. For Apache webservers add the following to httpd.conf and restart the server.
<Files ~ "^\.ht"> Order allow,deny Deny from all </Files>
|
Additional References | |