Vulnerabilities > CVE-2000-0869

CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
apache
suse
nessus
exploit available

Summary

The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.

Exploit-Db

description: Apache 1.3.12 WebDAV Directory Listings Vulnerability. CVE-2000-0869. Remote exploit for the Linux platform.
id: EDB-ID:20210
last seen: 2016-02-02
modified: 2000-09-07
published: 2000-09-07
reporter: Mnemonix
source: https://www.exploit-db.com/download/20210/
title: Apache 1.3.12 WebDAV Directory Listings Vulnerability

Nessus

NASL family: Web Servers
NASL id: WEBDAV.NASL
description: The WebDAV module can be used to obtain a listing of the remote web server's directories even if they have a default page such as index.html. This allows an attacker to gain valuable information about the directory structure of the remote host and could reveal the presence of files which are not intended to be visible.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 10505
published: 2000-09-08
reporter: This script is Copyright (C) 2000-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/10505
title: Apache WebDAV Module PROPFIND Arbitrary Directory Listing
code
#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");

# Registration pass: when `description` is set, the script only declares the
# metadata below and then exits (see the exit(0) at the end of this block),
# so nothing in this branch sends traffic to the target.
if(description)
{
  # Plugin identity and revision bookkeeping.
  script_id(10505);
  script_version ("1.30");
  script_cvs_date("Date: 2018/08/07 11:56:12");

  # Cross-references to the advisories this check is tied to.
  script_cve_id("CVE-2000-0869");
  script_bugtraq_id(1656);
  
  script_name(english:"Apache WebDAV Module PROPFIND Arbitrary Directory Listing");

 # Report text shown with a finding: what is wrong, why it matters, how to fix.
 script_set_attribute(attribute:"synopsis", value:
"The remote server is vulnerable to an information disclosure attack." );
 script_set_attribute(attribute:"description", value:
"The WebDAV module can be used to obtain a listing of the remote web
server directories even if they have a default page such as
index.html. 

This allows an attacker to gain valuable information about the
directory structure of the remote host and could reveal the presence
of files which are not intended to be visible." );
 script_set_attribute(attribute:"solution", value:
"Disable the WebDAV module, or restrict its access to authenticated and
trusted clients." );
 # CVSS v2 base vector: network access, low complexity, no authentication,
 # partial confidentiality impact, no integrity or availability impact.
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
 # NOTE(review): the temporal vector carries E:POC while exploit_available
 # below is "false"; exploitability_ease gives "No exploit is required" as
 # the reading. Confirm the two fields are meant to disagree, since triage
 # tooling that filters on exploit_available will treat this as unexploited.
 script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
 script_set_attribute(attribute:"exploit_available", value:"false");

 script_set_attribute(attribute:"plugin_publication_date", value: "2000/09/08");
 script_set_attribute(attribute:"vuln_publication_date", value: "2000/09/07");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();

 script_summary(english: "Checks the presence of WebDAV");
 # Registered as an information-gathering check.
 script_category(ACT_GATHER_INFO);
 script_copyright(english: "This script is Copyright (C) 2000-2018 Tenable Network Security, Inc.");
 script_family(english: "Web Servers");
 # Scripts declared as dependencies of this one; presumably they provide
 # service discovery and HTTP version data that the check relies on - confirm.
 script_dependencie("find_service1.nasl", "http_version.nasl");
 # Port requirement: the "Services/www" entry or port 80.
 script_require_ports("Services/www", 80);
 # End of the registration pass; the check below is not reached from here.
 exit(0);
}
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

# Port of the web service to probe; 80 is passed as the default.
port = get_http_port(default:80);

# PROPFIND request body asking for the displayname property.
# The element is written "<a:displayname:/>", with a colon after the name.
# It is reproduced byte-for-byte because altering the probe could change
# which servers answer it.
# NOTE(review): confirm that the XML parsers of the servers in scope accept
# this element; a rejected body would presumably yield a false negative.
propfind_body = '<?xml version="1.0"?>\r\n<a:propfind xmlns:a="DAV:">\r\n <a:prop>\r\n  <a:displayname:/>\r\n </a:prop>\r\n</a:propfind>\r\n';

# "Depth: 1" asks for the root collection together with its direct members.
dav_headers = make_array("Content-Type", "text/xml", "Depth", "1");

# Send the PROPFIND for "/" and stop the script if the exchange fails.
res = http_send_recv3(
  method: 'PROPFIND',
  item: '/',
  port: port,
  version: 11,
  add_headers: dav_headers,
  data: propfind_body,
  exit_on_fail: 1
);

# Report only when the status line (res[0]) shows a 207 response and the
# body (res[2]) contains the substring "D:href".
# NOTE(review): the body test matches the literal "D:" namespace prefix, so a
# server that answers 207 but emits a different prefix for the DAV: namespace
# is not flagged. A clean result from this check does not by itself show that
# WebDAV is disabled.
if ("HTTP/1.1 207 " >< res[0])
{
  if ("D:href" >< res[2])
    security_warning(port);
}