Bug 439544 - Remove mod_autoindex.so . . .
Summary: Remove mod_autoindex.so . . .
Keywords:
Status: CLOSED DUPLICATE of bug 418701
Alias: None
Product: Dogtag Certificate System
Classification: Retired
Component: Apache
Version: 1.0
Hardware: All
OS: Linux
low
low
Target Milestone: 1.0
Assignee: Matthew Harmsen
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-03-29 01:49 UTC by Matthew Harmsen
Modified: 2015-01-04 23:31 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-01-22 20:42:02 UTC

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Matthew Harmsen 2008-03-29 01:49:33 UTC 
+++ This bug was initially created as a clone of Bug #418701 +++

Per  CVE-2007-4465 as documented in bugzilla bug #289511, the mod_autoindex.so
contains a potential security vulnerability.

Since the "mod_autoindex.so" Apache module should not be needed by either the
TPS or the RA, the line referencing "mod_autoindex.so" in both subsystems
httpd.conf files should be removed.

-- Additional comment from mharmsen@redhat.com on 2008-01-10 14:49 EST --
Note that this module is Required for the command 'IndexOptions' in the Apache
configuration.
Note You need to log in before you can comment on or make changes to this bug.