Apache MultiViews Enabled
Summary#
Invicti detected that Apache MultiViews is enabled.
This vulnerability can be used for locating and obtaining access to some hidden resources.
Impact#
An attacker can use this functionality to aid in finding hidden files in the site and potentially gather further sensitive information.
Actions To Take#
Change your server configuration file. A recommended configuration for the requested directory should be in the following format:
<Directory /{YOUR DIRECTORY}> Options FollowSymLinks </Directory>Remove the MultiViews option from configuration.
Classifications#
Vulnerability Index
You can search and find all vulnerabilities
Select Category
OR
Search Vulnerability
Tags
Related Vulnerabilities
