id: apache-filename-enum

info:
  name: Apache Filename Enumeration
  author: geeknik
  severity: low
  description: If the client provides an invalid Accept header, the server will respond with a 406 Not Acceptable error containing a pseudo directory listing.
  reference:
    - https://hackerone.com/reports/210238
    - https://www.acunetix.com/vulnerabilities/web/apache-mod_negotiation-filename-bruteforcing/
  metadata:
    max-request: 1
  tags: apache,misconfig,hackerone,vuln

http:
  - method: GET
    headers:
      Accept: "fake/value"
    path:
      - "{{BaseURL}}/index"

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 406

      - type: word
        words:
          - "Not Acceptable"
          - "Available variants:"
          - "Apache Server at"
        condition: and
# digest: 490a0046304402207f982ee48d27ad07f6e8e9882292f013f9152f90b48454da5103b116869da0910220365d5d117a7bf0ba115cf87332612a045fcb362934b79f8befa6faa34fa00f2e:922c64590222798bb761d5b6d8e72950