Hi all, I have been trying to block the Tomcat directory listing vulnerability using Apache's Directory with no success.
Has anyone been able to fix that? We can't upgrade Tomcat as recommended by the CVE, and that flaw is also present on versions above 5.5.17 Here is the vulnerability: http://www.securityfocus.com/bid/19106/exploit Basically any url like http://foo.com/; (with a semicolon at the end) displays the directory files This is what I'm trying to do: <Directory ~ "^\;"> AllowOverride None Order deny,allow Deny from all Allow from none </Directory> I have tried a couple different regexes but nothing worked so far Thank you Leo