Bug 1456393 - prevent directory listing on directories where it is not needed
Summary: prevent directory listing on directories where it is not needed
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Hybrid Cloud Console (console.redhat.com)
Classification: Red Hat
Component: Insights - Satellite Integration
Version: unspecified
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
: ---
Assignee: Lindani Phiri
QA Contact: Jeff Needle
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-05-29 10:08 UTC by Pavel Studeník
Modified: 2023-09-14 03:58 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-05-15 13:12:09 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Pavel Studeník 2017-05-29 10:08:26 UTC 
Description of problem:
We have bug 1373067 for Satellite 5 and we found directory in /var/www/ that is owned other package. It causes the issue that the directory is possible to list on webui. 

Version-Release number of selected component (if applicable):
redhat-access-plugin-sat5-2.1.0-56.el6sat.noarch

How reproducible:
always

Steps to Reproduce:
1. install Satellite 5
2. setup insight for this Satellite
3. go to http://<fqdn>/images/

Actual results:
Apache generates directory listing for these


Expected results:
Apache does not generates directory listing for these
Comment 1 Dave Johnson 2018-11-05 16:52:43 UTC 
Please assess the impact of this issue and update the severity accordingly.  Please refer to https://bugzilla.redhat.com/page.cgi?id=fields.html#bug_severity for a reminder on each severity's definition.

If it's something like a tracker bug where it doesn't matter, please set the severity to Low.
Comment 2 Red Hat Bugzilla 2023-09-14 03:58:17 UTC 
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days
Note You need to log in before you can comment on or make changes to this bug.