HTTP index.html check 2.0
 
Plugin ID3
Plugin nameHTTP index.html check
Plugin filenameHTTP index.html check.plugin
Plugin filesize2860 bytes
Plugin familyHTTP
Plugin created nameMarc Ruef
Plugin created emailmarc dot ruef at computec dot ch
Plugin created webhttp://www.computec.ch
Plugin created companycomputec.ch
Plugin created date2003/11/06
Plugin updated nameMarc Ruef
Plugin updated emailmarc dot ruef at computec dot ch
Plugin updated webhttp://www.computec.ch
Plugin updated companycomputec.ch
Plugin updated date2004/11/13
Plugin version2.0
Plugin changelogCorrected the severity and added the NetRecon rating in version 1.3. Corrected the plugin structure and added the accuracy values in 1.4. Improved the pattern matching and added the changelog in 2.0
Plugin protocoltcp
Plugin port80
Plugin procedure detectionopen|send GET /index.html HTTP/1.0\n\n|sleep|close|pattern_exists HTTP/#.# 200 *
Plugin detection accuracy95
Plugin commentThis plugin was written with the ATK Attack Editor.
Bug affectedAll web servers
Bug vulnerability classConfiguration
Bug descriptionThe file /index.html was found on the web server. This is normally the default file for direct connection attempts. An attacker may gain the information that on this webserver only static web pages (HTML) were used. He then is not very interested in interactive attacks (e.g. PHP or ASP).
Bug solutionA service if not needed should be de-installed or disabled. If this is not possible, an access control list (ACL) with firewalling should be applied to this port. And if possible change the welcome banner to confuse an attacker and give him false information.
Bug fixing time15 minutes
Bug exploit availabilityYes
Bug remoteYes
Bug localYes
Bug severityLow
Bug popularity10
Bug simplicity9
Bug impact3
Bug risk4
Bug Symantec NetRecon rating42
Bug check toolsYou can do this check with every web browser.
Source CVECVE-1999-0633
Source LiteratureHacking Exposed: Network Security Secrets & Solutions, Stuart McClure, Joel Scambray and George Kurtz, February 25, 2003, 4th Edition, McGraw-Hill Osborne Media, ISBN 0072227427
Source Misc.http://www.computec.ch

This file was generated by the Attack Tool Kit (ATK), the open-sourced security scanner and exploiting framework.