Apache Autoindexing Module May Disclose Directory Listings

Vulnerability ID: 1106430 Vulnerability Type: Other
Published: 2001-07-10 Updated: 2005-10-12
CVE ID: CVE-2001-0731
CNNVD-ID: CNNVD-200110-003
Affected Platform: Multiple CVSS Score: 5.0
|Vulnerability Source
https://www.exploit-db.com/exploits/21002
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200110-003
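|Vulnerability Details
CVE (CAN) ID: CVE-2001-0731

Apache's AutoIndex module automatically generates an index for a directory. If an index.html file exists in the directory, the content of index.html is displayed. However, the module has a possible problem: if certain special commands are submitted, the directory listing may be disclosed regardless of whether an index.html file exists.

The problem lies in /src/modules/standard/mod_autoindex.c:

    #define K_NAME 'N'          /* Sort by file name (default) */
    #define K_LAST_MOD 'M'      /* Last modification date */
    #define K_SIZE 'S'          /* Size (absolute, not as displayed) */
    #define K_DESC 'D'          /* Description */

    #define D_ASCENDING 'A'
    #define D_DESCENDING 'D'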
|Exploit
source: http://www.securityfocus.com/bid/3009/info

A possible vulnerability exists in Apache that could cause directory contents to be disclosed when directory indexing is enabled, despite the presence of an 'index.html' file.

The problem is likely the result of an error in "multiview" functionality provided as part of Apache's content negotiation support. Exploitation of this problem may lead to the disclosure of sensitive information to attackers.

http://target-webserver/?M=A
http://target-webserver/?S=D
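
The sort-key requests shown above leave a recognizable trace in access logs. The following is an added example, not part of the original advisory: it flags directory requests whose query string is one of the mod_autoindex.c sort keys paired with a sort direction. It assumes Common Log Format; the function names are hypothetical and the log lines are constructed.

```python
import re
from urllib.parse import urlsplit

# Sort keys and directions from mod_autoindex.c (the K_* and D_* defines).
SORT_KEYS = {"N", "M", "S", "D"}
SORT_DIRS = {"A", "D"}

# Common Log Format: host ident user [time] "METHOD target PROTO" status size
CLF = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

def is_autoindex_sort(target):
    """True if target is a directory URL whose whole query is KEY=DIRECTION."""
    parts = urlsplit(target)
    if not parts.path.endswith("/"):
        return False
    key, sep, direction = parts.query.partition("=")
    return sep == "=" and key in SORT_KEYS and direction in SORT_DIRS

def find_sort_requests(lines):
    """Return (host, target, status) for each autoindex sort request."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if m and m["method"] in ("GET", "HEAD") and is_autoindex_sort(m["target"]):
            hits.append((m["host"], m["target"], int(m["status"])))
    return hits

# Constructed sample log lines (not from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Jul/2001:10:00:01 +0000] "GET / HTTP/1.0" 200 1524',
    '192.0.2.10 - - [10/Jul/2001:10:00:02 +0000] "GET /?M=A HTTP/1.0" 200 3310',
    '192.0.2.11 - - [10/Jul/2001:10:00:05 +0000] "GET /docs/?S=D HTTP/1.0" 200 2841',
    '192.0.2.12 - - [10/Jul/2001:10:00:09 +0000] "GET /search?q=A HTTP/1.0" 200 512',
    '192.0.2.13 - - [10/Jul/2001:10:00:12 +0000] "GET /img/?N=X HTTP/1.0" 404 209',
]

if __name__ == "__main__":
    for host, target, status in find_sort_requests(SAMPLE_LOG):
        print(f"{host} requested {target} -> {status}")
```

A 200 response to a flagged request on a directory that contains an index.html, with a response size that differs from the index page, is the case worth reviewing.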
|References

Source: www.apacheweek.com
Link: http://www.apacheweek.com/issues/01-10-05#security
Source: XF
Name: apache-multiviews-directory-listing(8275)
Link: http://xforce.iss.net/xforce/xfdb/8275
Source: BID
Name: 3009
Link: http://www.securityfocus.com/bid/3009
Source: BUGTRAQ
Name: 20010709 How Google indexed a file with no external link
Link: http://www.securityfocus.com/archive/1/[email protected]
Source: REDHAT
Name: RHSA-2001:164
Link: http://www.redhat.com/support/errata/RHSA-2001-164.html
Source: REDHAT
Name: RHSA-2001:126
Link: http://www.redhat.com/support/errata/RHSA-2001-126.html
Source: MANDRAKE
Name: MDKSA-2001:077
Link: http://frontal2.mandriva.com/security/advisories?name=MDKSA-2001:077
Source: SGI
Name: 20020301-01-P
Link: ftp://patches.sgi.com/support/free/security/advisories/20020301-01-P
