Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 439544

Summary: Remove mod_autoindex.so . . .
Product: [Retired] Dogtag Certificate System Reporter: Matthew Harmsen <mharmsen>
Component: ApacheAssignee: Matthew Harmsen <mharmsen>
Status: CLOSED DUPLICATE QA Contact: Chandrasekar Kannan <ckannan>
Severity: low Docs Contact:
Priority: low    
Version: 1.0CC: awnuk, benl, cfu, jgalipea, jmagne
Target Milestone: 1.0   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-01-22 20:42:02 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Matthew Harmsen 2008-03-29 01:49:33 UTC 
+++ This bug was initially created as a clone of Bug #418701 +++

Per  CVE-2007-4465 as documented in bugzilla bug #289511, the mod_autoindex.so
contains a potential security vulnerability.

Since the "mod_autoindex.so" Apache module should not be needed by either the
TPS or the RA, the line referencing "mod_autoindex.so" in both subsystems
httpd.conf files should be removed.

-- Additional comment from mharmsen on 2008-01-10 14:49 EST --
Note that this module is Required for the command 'IndexOptions' in the Apache
configuration.