Bug 439544 - Remove mod_autoindex.so . . .
Remove mod_autoindex.so . . .
Status: CLOSED DUPLICATE of bug 418701
Product: Dogtag Certificate System
Classification: Community
Component: Apache (Show other bugs)
1.0
All Linux
low Severity low
: 1.0
: ---
Assigned To: Matthew Harmsen
Chandrasekar Kannan
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-03-28 21:49 EDT by Matthew Harmsen
Modified: 2015-01-04 18:31 EST (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-01-22 15:42:02 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Matthew Harmsen 2008-03-28 21:49:33 EDT
+++ This bug was initially created as a clone of Bug #418701 +++

Per  CVE-2007-4465 as documented in bugzilla bug #289511, the mod_autoindex.so
contains a potential security vulnerability.

Since the "mod_autoindex.so" Apache module should not be needed by either the
TPS or the RA, the line referencing "mod_autoindex.so" in both subsystems
httpd.conf files should be removed.

-- Additional comment from mharmsen@redhat.com on 2008-01-10 14:49 EST --
Note that this module is Required for the command 'IndexOptions' in the Apache
configuration.

Note You need to log in before you can comment on or make changes to this bug.