Rule:

--
Sid:
1826

--
Summary:
This event is generated when an attempt is made to access the WEB-INF
directory on a web server.

--
Impact:
Information disclosure.

--
Detailed Information:
This event is generated when an attempt is made to access the WEB-INF
directory on a web server.

Multiple vendors are affected by an information disclosure issue where
sensitive contents of a web application server can be revealed to an
attacker by requesting the contents of this directory.

--
Affected Systems:
	Multiple vendors, see references.

--
Attack Scenarios:
The attacker can make a simple web request for the directory that will
reveal the sensitive files. The attacker can then retrieve the files for
information that can be used in later attacks against the server or
application.

--
Ease of Attack:
Simple. Exploit software not required.

--
False Positives:
None known.

--
False Negatives:
None known.

--
Corrective Action:
Ensure the system is using an up to date version of the software and has
had all vendor supplied patches applied.

Check the host logfiles and application logs for signs of compromise.

--
Contributors:
Sourcefire Research Team
Brian Caswell <bmc@sourcefire.com>
Nigel Houghton <nigel.houghton@sourcefire.com>

--
Additional References:

Bugtraq:
http://www.securityfocus.com/bid/1830
http://www.securityfocus.com/bid/5119

CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2000-1050
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0179

--