SERVER-WEBAPP /doc/ access
A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
CVSS base score 5.0
CVSS impact score 2.9
CVSS exploitability score 10.0
- apache http_server *
- debian debian_linux 4.0
Ease of attack
Upgrade to the latest non-affected version of the software.
Apply the appropriate vendor supplied patches.
- Talos research team.
- This document was generated from data supplied by the national vulnerability database, a product of the national institute of standards and technology.
- For more information see nvd.