Hi All
My Collector been detect a apache multiview vulnerability...it show need upgrade to than 1.3.22, Sentinel has using apache 2.x version.
it show be fix..But Nessus tem response his information below:
=============
Hi XXXXX
Yes , for Apache web server later than 1.3.22, review listing directory configuration to avoid disclosing sensitive information.
This would be best checked with your web server admin or with Apache.
Disabling multiviews is one of the options.
i have included a helpful external article on it.
https://serverfault.com/questions/264954/apache-multiviews-how-to-disable-it
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Kind regards,
**********
The Tenable Technical Support Team
tenable.com
===============================================================
and it provide the collectormanager response below:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> <html> <head> <title>Index of /</title> </head> <body> <h1>Index of /</h1> <pre><img src="/icons/blank.gif" alt="Icon "> <a href="?C=N;O=D">Name</a> <a href="?C=M;O=A">Last modified</a> <a href="?C=S;O=A">Size</a> <a href="?C=D;O=A">Description</a><hr><hr></pre>
<address>Apache Server at 10.6.3.167 Port 9080</address> </body></html>
==================================================================
Who has experience to fix this vulnerability ?? it seem not software fix , need modify some setting on some config files.
Thanks!!
Wencheng