439544 – Remove mod_autoindex.so . . .

Bug 439544 - Remove mod_autoindex.so . . .

Summary: Remove mod_autoindex.so . . .

Keywords:
Status:	CLOSED DUPLICATE of bug 418701
Alias:	None
Product:	Dogtag Certificate System
Classification:	Retired
Component:	Apache
Sub Component:
Version:	1.0
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	1.0
Assignee:	Matthew Harmsen
QA Contact:	Chandrasekar Kannan
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2008-03-29 01:49 UTC by Matthew Harmsen
Modified:	2015-01-04 23:31 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2010-01-22 20:42:02 UTC

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Matthew Harmsen 2008-03-29 01:49:33 UTC

+++ This bug was initially created as a clone of Bug #418701 +++

Per  CVE-2007-4465 as documented in bugzilla bug #289511, the mod_autoindex.so
contains a potential security vulnerability.

Since the "mod_autoindex.so" Apache module should not be needed by either the
TPS or the RA, the line referencing "mod_autoindex.so" in both subsystems
httpd.conf files should be removed.

-- Additional comment from mharmsen@redhat.com on 2008-01-10 14:49 EST --
Note that this module is Required for the command 'IndexOptions' in the Apache
configuration.

Note You need to log in before you can comment on or make changes to this bug.