Rule: -- Sid: 1519 -- Summary: This event is generated when an attempt is made to exploit a flaw in Apache that can result in a listing of directory contents. -- Impact: Information disclosure. -- Detailed Information: When "Multiviews" are used to negotiate a directory index, a specially crafted URL can be used to obtain a directory listing instead of the index page. -- Affected Systems: Apache 1.3.11, 1.3.14 to 1.3.20 -- Attack Scenarios: An attacker can use this exploit to view sensitive information -- Ease of Attack: Simple. -- False Positives: The presence of the string "/?M=D" within an incoming http packet can cause this rule to generate an event. -- False Negatives: None known. -- Corrective Action: Upgrade to the latest non-affected version of the software. -- Contributors: Sourcefire Research Team Brian Caswell <bmc@sourcefire.com> Nigel Houghton <nigel.houghton@sourcefire.com> Snort documentation contributed by Josh Sakofsky -- Additional References: Bugtraq: http://www.securityfocus.com/bid/3009 CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0731 --
