Apache 1.3.20 with Multiviews enabled allows remote malicious users to view directory contents and bypass the index page via a URL containing the "M=D" query string.
source: wwwsecurityfocuscom/bid/3009/info
A possible vulnerability exists in Apache that could cause directory contents to be disclosed when directory indexing is enabled, despite the presence of an 'indexhtml' file
The problem is likely the result of an error in "multiview" functionality provided as part of Apache's content negotiatio ...
Vulmon