×
The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.
Diego,
Actually I'm trying to lock the file down. But before I try I want to
verify that my test to see if the lock down works before I try to lock it
down.
I recently got dinged on a Qualys report with:
File .htaccess Accessible
THREAT:
.htaccess contains authentication information.
IMPACT:
Unauthorized users can gather authentication information from this file.
SOLUTION:
Change the Apache configuration so the .htaccess file cannot be accessed
via the Internet.
EXPLOITABILITY:
The Exploit-DB
Reference: CVE-2000-0234
Description: Cobalt RaQ 2.0/3.0 - Apache .htaccess Disclosure - The
Exploit-DB Ref : 19828
Link:
http://www.exploit-db.com/exploits/19828
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
GET /.htaccess HTTP/1.1
Host: 10.10.6.129:10081
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Sun, 19 Aug 2018 08:58:28 GMT
Server: Apache
Last-Modified: Wed, 02 Dec 2015 14:09:23 GMT
ETag: "185-525ead237cac0"
Accept-Ranges: bytes
Content-Length: 389
Rob Berendt
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact
[javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
