We ran a vulnerability assessment (results follow below), and here are 2 issues that popped up. The results suggest changing directives in the httpd.conf file, which of course we don't have. What equivalent Tomcat options in the XML config file(s) need to be set to fix these?
"The Mac OS X Finder creates a file called .DS_Store in each directory that it views. Some versions of OS X include system configuration information and file location information in these files. The .DS_Store files can be accessed from this server via a web request such as http://IP/.DS_Store.
Service: Apache-Coyote/1.1
Bugtraq:3316
Configure your Apache server to block access to these files with the FileMatch feature of httpd.conf.

Some distributions of Apache, especially in Red Hat 7.0, allow an attacker to probe a system for user names via requests for user home pages (e.g., http://host/~username).
Service: Apache-Coyote/1.1
CVE:CAN-2001-1013
Bugtraq:3335
Disabling the UserDir directive in the Apache configuration file (httpd.conf) will prevent this, although it will also prevent users from providing their own web pages. Alternately, specify ErrorDocuments for both 403 (Forbidden) and 404 (Page Not Found) responses."
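
A deployment-descriptor sketch of the two remediations the scan report describes, written with standard Servlet `web.xml` elements. This is an added example, not part of the original message or of any Tomcat distribution; the `/error.html` location is a hypothetical page, and the `*.DS_Store` pattern assumes the container treats it as a normal extension mapping.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- WEB-INF/web.xml of the affected web application (constructed example) -->
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">

  <!-- Counterpart of Apache's ErrorDocument: one page for both 403 and 404.
       /error.html is a hypothetical static page inside the web application. -->
  <error-page>
    <error-code>403</error-code>
    <location>/error.html</location>
  </error-page>
  <error-page>
    <error-code>404</error-code>
    <location>/error.html</location>
  </error-page>

  <!-- Counterpart of a FilesMatch deny rule: an auth-constraint with no
       role-name entries means no caller is ever authorized, so the container
       answers 403 for every URL that matches the pattern. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Finder metadata files</web-resource-name>
      <!-- Extension mapping: matches .DS_Store in any directory of this app -->
      <url-pattern>*.DS_Store</url-pattern>
    </web-resource-collection>
    <auth-constraint/>
  </security-constraint>

  <!-- The ~username finding: Tomcat maps /~username to a home directory only
       when an org.apache.catalina.startup.UserConfig listener is declared
       under a Host in conf/server.xml. Check server.xml for that listener
       rather than looking for a UserDir equivalent here. -->

</web-app>
```

After redeploying, a request for a `.DS_Store` path in the application should return 403; removing the files from the deployed directories addresses the exposure at its source.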