Rule: -- Sid: 1826 -- Summary: This event is generated when an attempt is made to access the WEB-INF directory on a web server. -- Impact: Information disclosure. -- Detailed Information: This event is generated when an attempt is made to access the WEB-INF directory on a web server. Multiple vendors are affected by an information disclosure issue where sensitive contents of a web application server can be revealed to an attacker by requesting the contents of this directory. -- Affected Systems: Multiple vendors, see references. -- Attack Scenarios: The attacker can make a simple web request for the directory that will reveal the sensitive files. The attacker can then retrieve the files for information that can be used in later attacks against the server or application. -- Ease of Attack: Simple. Exploit software not required. -- False Positives: None known. -- False Negatives: None known. -- Corrective Action: Ensure the system is using an up to date version of the software and has had all vendor supplied patches applied. Check the host logfiles and application logs for signs of compromise. -- Contributors: Sourcefire Research Team Brian Caswell <bmc@sourcefire.com> Nigel Houghton <nigel.houghton@sourcefire.com> -- Additional References: Bugtraq: http://www.securityfocus.com/bid/1830 http://www.securityfocus.com/bid/5119 CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2000-1050 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0179 --