RE: IIS5.0 Directory Browsing
From: McCammon, Keith (Keith.McCammon@eadvancemed.com)
Date: 11/29/01
- Previous message: Michael Lamb (Volt): "RE: Deploying Hotfixes, SPs and other Software"
- Maybe in reply to: Enrico Tausz: "IIS5.0 Directory Browsing"
- Next in thread: Craig Humphrey: "RE: IIS5.0 Directory Browsing"
Subject: RE: IIS5.0 Directory Browsing
Date: Thu, 29 Nov 2001 10:46:18 -0500
Message-ID: <BB7FD4FF9E440648A731452E5D341FB0C6619D@hitsexchange01.advance-med.com>
From: "McCammon, Keith" <Keith.McCammon@eadvancemed.com>
To: "Enrico Tausz" <etausz@ig.com.br>, <focus-ms@securityfocus.com>
Use a different search tool. You do not need to enable directory
browsing to search a web site. DB is not necessarily a huge security
hole, assuming that your server is thoroughly secured. However, it
should be considered an "unnecessary risk."
And putting a default document in each directory is useless. I can just
type in http://yourserver.com/blabla.htm and get a full listing
(assuming that you don't have a page called blabla.htm). If you do have
that page, I'll just try something else until I get the goods.
Cheers
Keith
-----Original Message-----
From: Enrico Tausz [mailto:etausz@ig.com.br]
Sent: Thursday, November 29, 2001 1:06 AM
To: focus-ms@securityfocus.com
Subject: IIS5.0 Directory Browsing
Hello everyone,
I'm evaluating a search tool named 'webinator' and to
make the search work, I have to permit 'directory
browsing' in my IIS. To prevent exposing my directories, I
put a default document in every subdirectory.
Can somebody tell me if my server is VUL using this
solution?
Thanks in Advance.
Enrico
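The approach in the original question depends on every directory actually holding a default document. As an added example (not part of the thread), the Python below walks a local copy of the content tree and reports the directories that have none, which are the ones whose directory URL returns a listing while directory browsing is enabled. The default-document names and the sample tree are assumptions; substitute the list configured for the site.

```python
import os
import tempfile

# Assumed default-document names; replace with the list configured for the site.
DEFAULT_DOCS = ("default.htm", "default.asp", "index.htm", "iisstart.asp")


def dirs_without_default_doc(web_root, default_docs=DEFAULT_DOCS):
    """Return URL-style paths of directories under web_root that contain
    no default document (only regular files count, not subdirectories)."""
    wanted = {name.lower() for name in default_docs}
    exposed = []
    for current, _subdirs, files in os.walk(web_root):
        # Windows file names are case-insensitive, so compare lower-cased.
        present = {name.lower() for name in files}
        if not (wanted & present):
            rel = os.path.relpath(current, web_root).replace(os.sep, "/")
            exposed.append("/" if rel == "." else "/" + rel + "/")
    return sorted(exposed)


def build_sample_tree(root):
    """Create a constructed sample content tree (hypothetical paths)."""
    layout = {
        "": ["Default.htm"],
        "images": ["logo.gif"],          # no default document
        "docs": ["INDEX.HTM", "a.pdf"],  # default document, different case
        "docs/archive": ["old.txt"],     # no default document
        "scripts": [],                   # empty directory, nothing to serve
    }
    for rel_dir, names in layout.items():
        target = os.path.join(root, *rel_dir.split("/")) if rel_dir else root
        os.makedirs(target, exist_ok=True)
        for name in names:
            with open(os.path.join(target, name), "w") as handle:
                handle.write("constructed sample\n")


def demo():
    """Run the audit against the constructed tree and return the findings."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return dirs_without_default_doc(root)


if __name__ == "__main__":
    for path in demo():
        print("no default document:", path)
```
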