
Sentinel Collector Manager detected an "Apache-MultiView" vulnerability

Hi All

     My Collector detected an Apache MultiViews vulnerability. It says we need to upgrade to later than 1.3.22, but Sentinel is using the Apache 2.x version.

It should be fixed, but the Nessus team responded with the information below:

=============

Hi XXXXX


Yes, for Apache web servers later than 1.3.22, review the directory listing configuration to avoid disclosing sensitive information.

This would be best checked with your web server admin or with Apache.

Disabling multiviews is one of the options.


I have included a helpful external article on it.

https://serverfault.com/questions/264954/apache-multiviews-how-to-disable-it


Kind regards,


**********

The Tenable Technical Support Team

tenable.com

===============================================================

And it provided the Collector Manager response below:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> <html> <head> <title>Index of /</title> </head> <body> <h1>Index of /</h1> <pre><img src="/icons/blank.gif" alt="Icon "> <a href="?C=N;O=D">Name</a> <a href="?C=M;O=A">Last modified</a> <a href="?C=S;O=A">Size</a> <a href="?C=D;O=A">Description</a><hr><hr></pre>

<address>Apache Server at 10.6.3.167 Port 9080</address> </body></html>

==================================================================

Who has experience fixing this vulnerability? It seems it is not a software fix; some settings in some config files need to be modified.

Thanks!!

Wencheng

  • 0  

    Sentinel itself does not include an Apache HTTPD server.

    Are you maybe using the appliance or have installed any other 3rd party software on the box?

  • 0 in reply to   

    My Sentinel and Collector Manager both use the appliance source.

    And these servers all have apache2 installed.

  • 0   in reply to 

    The appliance uses apache2-2.4.51.

    If you go to the URL with /?M=A you get output like this:

    I don't see any sensitive information being disclosed. This looks like a false positive from Tenable.

  • 0 in reply to   

    Hi, Tenable seems to think this is a vulnerability, and the customer requires it to be disabled.

    ==========================

    For Apache web servers later than 1.3.22, review the directory listing configuration to avoid disclosing sensitive information.

    This would be best checked with your web server admin or with Apache.

    Disabling multiviews is one of the options.

    =========================

    The customer trusts these scan products and requires the vendor to fix whatever they discover.

    I am only trying to test disabling it and asking a question on the forum to get some information.

    Wencheng

  • 0   in reply to 

    Based on the data given, I wouldn't trust Tenable with this one.

    If you still think this is a potential security vulnerability please report it at https://support.microfocus.com/security/report-psv.html

  • Suggested Answer

    0 in reply to 

    Hi All

        Finally, I modified vhost-vabase.conf and changed the parameter.

    original setting:

          Options Indexes FollowSymLinks

    New Setting:

          Options -Indexes +FollowSymLinks -MultiViews

    Then I restarted apache2, and the vulnerability seems to be resolved.

    Wencheng
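To check that a change like the one above actually takes effect, it helps to know how Apache merges Options directives: an all-absolute directive (Options Indexes FollowSymLinks) replaces the inherited set, an all-relative one (Options -Indexes +FollowSymLinks -MultiViews) adjusts it, and mixing the two forms in one directive is a configuration error. The small audit below is an added example, not code from the thread or from Sentinel; it assumes the Apache 2.4 default of Options FollowSymLinks when nothing is inherited and ignores container scoping, so it is a quick linter for a single vhost fragment rather than a full config parser.

```python
"""Audit Apache 'Options' directives for directory listing (Indexes) and
content negotiation (MultiViews), the two settings toggled in the thread."""
import re

# 'Options All' means every option except MultiViews (per Apache docs).
ALL = {"ExecCGI", "FollowSymLinks", "Includes", "IncludesNOEXEC",
       "Indexes", "SymLinksIfOwnerMatch"}
# Assumed starting point: Apache 2.4 default when no Options applies.
DEFAULT = {"FollowSymLinks"}

def apply_options(current, tokens):
    """Merge one Options directive into the current effective set.
    Apache rejects a directive mixing +/- tokens with absolute ones, so
    this helper raises in that case as well."""
    relative = [t for t in tokens if t[0] in "+-"]
    if relative and len(relative) != len(tokens):
        raise ValueError(f"mixed absolute and relative Options: {tokens}")
    if not relative:                      # absolute form replaces the set
        result = set()
        for t in tokens:
            result |= ALL if t == "All" else (set() if t == "None" else {t})
        return result
    result = set(current)                 # relative form adjusts the set
    for t in tokens:
        names = ALL if t[1:] == "All" else {t[1:]}
        result = result | names if t[0] == "+" else result - names
    return result

def audit_options(config_text, inherited=DEFAULT):
    """Walk a config fragment line by line and report, after each Options
    directive, whether Indexes and MultiViews are effectively enabled."""
    current = set(inherited)
    report = []
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        m = re.match(r"Options\s+(.+)$", line, re.IGNORECASE)
        if not m:
            continue
        current = apply_options(current, m.group(1).split())
        report.append({"directive": line,
                       "indexes": "Indexes" in current,
                       "multiviews": "MultiViews" in current})
    return report

if __name__ == "__main__":
    # Constructed fragment: the thread's original line, then its replacement.
    for row in audit_options("Options Indexes FollowSymLinks\n"
                             "Options -Indexes +FollowSymLinks -MultiViews"):
        print(row)
```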