From keyurmaheta3121@gmail.com Tue Jan 20 09:45:24 2026
Return-path: <keyurmaheta3121@gmail.com>
Envelope-to: peter@bsdly.net
Delivery-date: Tue, 20 Jan 2026 09:45:24 +0100
Received: from geekbay.nuug.no ([158.36.191.213])
	by skapet.bsdly.net with esmtps  (TLS1.3) tls TLS_AES_256_GCM_SHA384
	(Exim 4.98.2)
	(envelope-from <keyurmaheta3121@gmail.com>)
	id 1vi7MZ-000000004Qy-1j5P
	for peter@bsdly.net;
	Tue, 20 Jan 2026 09:45:24 +0100
Received: by geekbay.nuug.no (Postfix)
	id AC5E59FCCE; Tue, 20 Jan 2026 09:45:22 +0100 (CET)
Delivered-To: drift@nuug.no
Received: from portal.nuug.no (portal.nuug.no [158.36.191.225])
	(using TLSv1.3 with cipher TLS_CHACHA20_POLY1305_SHA256 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA512)
	(No client certificate requested)
	by geekbay.nuug.no (Postfix) with ESMTPS id 6FCE59FCC6
	for <drift@nuug.no>; Tue, 20 Jan 2026 09:45:22 +0100 (CET)
Received: from mail-qk1-f182.google.com ([209.85.222.182])
	by portal.nuug.no with esmtps  (TLS1.3) tls TLS_AES_128_GCM_SHA256
	(Exim 4.98.2)
	(envelope-from <keyurmaheta3121@gmail.com>)
	id 1vi7MW-000000007af-3aBH
	for drift@nuug.no;
	Tue, 20 Jan 2026 09:45:22 +0100
Received: by mail-qk1-f182.google.com with SMTP id af79cd13be357-8c5384ee23fso553851785a.1
        for <drift@nuug.no>; Tue, 20 Jan 2026 00:45:20 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1768898719; cv=none;
        d=google.com; s=arc-20240605;
        b=bQTmLC7Iy0VPLaXYpeJDLpV6N6iE1ldEgPRproJ6GWbSMeARRxf2GjpnFy/l7co6lT
         7b6fUvA392O6r1+XtTrEYQANYNrQgxIGVZMqRS1Gm1PloMpIv8Ab97rH/8Q0EYwJ80Yq
         qEslP7VAZMIEtIC/ZilWTlU9hoifJ0o2reL5i4C37Z97gh3xywNFSkqBaXAkOCUuC+ea
         LbRmfASUH+PJ+UqJUdgL6ceGYmR2HXh3xtIKJDtGvv+e1ob31iSTYYoQveA7g2qUYHep
         NQa9uEaeUihYsNSa8JvYwLZmXYPXpWtpoNUdFG6HvBWtG/cD0bmxSRnT9nc0I3SQD9Fg
         Rr/g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;
        h=to:subject:message-id:date:from:mime-version:dkim-signature;
        bh=n0KJvyWZv6i44kZHjZjtcOdesku6jU9uhNnVDDZz2Vc=;
        fh=TpvyzlmzG0gtgWla502uZgPk0GfcO13+3pSt4FYTEMI=;
        b=UhR01Uu1VJ+yrkTxEXPgHRicKbhkGcXy7Z04ivJSSYp07c9GYy2xaxD0IZk+Fr52OC
         x/0fcSkIB1FymDlY4LZWW2wZeKOufpypiyzX2wLp8vF97YeFSLQbhQzZ5YqvOo2U5yd4
         KPTAq605M5ZObxYnxsPYBUOWO44U8nYOCh62kDffE6WlG4q7Kxsle+rQDl0VepfolXp7
         HBleaxEHf2vK3+hH5v1vBuqtvDeKomO+KwVqi6zSFpykW+LZeJMHDMRMQnK637Qk/qYx
         eBahlGcF3vBxp9tcb4KNN50mO6LgFe7EaBLY7TDkzfK/9TRfjlk3gbyN9Hxsb54TNjsq
         7wag==;
        darn=nuug.no
ARC-Authentication-Results: i=1; mx.google.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1768898719; x=1769503519; darn=nuug.no;
        h=to:subject:message-id:date:from:mime-version:from:to:cc:subject
         :date:message-id:reply-to;
        bh=n0KJvyWZv6i44kZHjZjtcOdesku6jU9uhNnVDDZz2Vc=;
        b=FKXSjHHwvRP05YyD0W5cQD2S2e+hCrtMRctA15LB7FoZWAraJSBFGS/RFHLQcbASBL
         vP0gfn5FupJ7zUmAsawT88yUitgv0nO6KAFG5wBOvVEknjYHzqVkedS/84yhjhm45zwA
         xO8y3oohg8KA5BWF+oYbo/RRvybPDU5xKEb3RJT0d2Iei1EEK7cw6qt2yUQe6JKoPJMM
         QwFxUy5pzv+CRQOJ4uvZ21Dyo7CoCC9UAKnEJ4jLm9+9Porr9ePD8UGENwLAVPeFXq7B
         9W19ScIMEX5co7o76YoDpx6wSbILbNS3UPNWnE0gvY45E4JlhAxi8lILZP47dDWALq1x
         5oOw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1768898719; x=1769503519;
        h=to:subject:message-id:date:from:mime-version:x-gm-gg
         :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=n0KJvyWZv6i44kZHjZjtcOdesku6jU9uhNnVDDZz2Vc=;
        b=gRbZBb5zkW5HKS0cw3Xx/Z1/PGj1of57lcacpPaWRVF4BZftMfTQz1ei3gjMCHfxBP
         I/k14/RYN/gm0qFpQWJeQRHJAdiSgaEmBDU29TfKUuYqtWjzrnhfzf5fXDcAmUFRu5hC
         t22BvRUG7E28gsRNmPGDmasf7Mqe1LbatJfcpVoaScwV1JoFvyMm+4oRH3+C3LMtyn7a
         h0jndxle3yMwhznxgmBhrULwH9b9ityhRPtDtqG+ARW71CU27TnOhk55NxkHjTiHGd4Y
         zSLQZCPqgQrwwtkpvDvbuNOP8J7jIYneGwNGHuvfZwzm8EeL03wpRaz3pFyIGocQaMe1
         9QjA==
X-Gm-Message-State: AOJu0YyKhrNQzG9X4ZTssYjeU7EvD5N6Q5kzZHeWnxTauMbXmoWDbL8z
	Oq2PwkVC+oaI/UwDXkttGVGf98I6ePZiyarocGa2xO8ztajkiqy8J6xW82T9ubRJdb0GRk8DWJq
	uyw8/LbaHwEwa6yXg6yVV0xd+mmoc5vKZ3XIei+MJrQ==
X-Gm-Gg: AY/fxX732fkMiRc52sAQc+YO0dFc8euUf+EsbGTI57AeHh0IkJ1OnkMheQHbvKzKTj0
	OFQGgRjp9yuLDiS5X4TuPfePOlDhrpy38FWnw6NISq+zbEZ2QQIdq8im78NoCkBrwOdIjpcva4N
	6XEAvSuwmQkaTnnd87cukboafznPnuI8SOyTzgTXozMkhb9dHHKQCONQ7Df2Jk5ZcVs6cT036a/
	gIwt8J3Q22Sg6Pfd2i1n7rYqiQUWat44VHHF1IW9WBKElYdpkIHXYtjuKjcYIiwSiI1DK9Ppsck
	Fqp4FWtHvSWyOkRgipDLCbh/cgsQ1dsMnJZvDp7/irOD62YvuVKWTP1lJrqYCnr2lYHG1tVVLXV
	GN3hxgfobFLxRE25fO/a9szRvDverquHe7+jpj2xBmTrl3hxwxtUxtHP55YXXiOxlf77VvTi+7z
	B0U7oLLV7A/sBA/PWqabwZfoorizUsQz3UYfrO9eWQK2c15gflkAzJ
X-Received: by 2002:a05:620a:191c:b0:8c5:2ce6:dc2 with SMTP id
 af79cd13be357-8c6a68bdedcmr1766991285a.17.1768898717905; Tue, 20 Jan 2026
 00:45:17 -0800 (PST)
MIME-Version: 1.0
From: Keyur Maheta <keyurmaheta3121@gmail.com>
Date: Tue, 20 Jan 2026 14:15:05 +0530
X-Gm-Features: AZwV_Qh35x3oPj_LYwXQhAZcWtAl5SMlBQZ2Zd1KRdtB41IIasH8bqryP65GlNk
Message-ID: <CAAHq7WVKVgV+NJrBsx+tozPr+sUDw5nCyP5DdgWQXDh7c-u+Gw@mail.gmail.com>
Subject: Vulnerability report - 18414
To: drift@nuug.no
Content-Type: multipart/alternative; boundary="000000000000b9769e0648cdd3e2"
Status: RO
Content-Length: 4820
Lines: 122

--000000000000b9769e0648cdd3e2
Content-Type: text/plain; charset="UTF-8"

Hello Team,

I am responsibly disclosing a low-severity security issue identified on
your system.

Summary of the Issue

Issue Type: Apache Mod Negotiation Exposed Files
Technology: HTTP / Apache
Severity: Low

Affected Host:https://planet.nuug.no/index
[path="/index"]

Description

Apache server directory listing is enabled, exposing files like index.html
to public access.

Potential Risks

Exposure of internal files

Information disclosure about server structure

Increased attack surface for attackers

Recommended Remediation

Disable directory listing in Apache configuration

Use proper file permissions

Regularly audit publicly accessible directories

Best regards,
Keyur Maheta

--000000000000b9769e0648cdd3e2
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">
<p>Hello Team,</p>
<p>I am responsibly disclosing a low-severity security issue identified on =
your system.</p>
<p>Summary of the Issue</p>
<pre class=3D"gmail-overflow-visible! gmail-px-0!"><div class=3D"gmail-cont=
ain-inline-size gmail-rounded-2xl gmail-corner-superellipse/1.1 gmail-relat=
ive gmail-bg-token-sidebar-surface-primary"><div class=3D"gmail-sticky gmai=
l-top-[calc(--spacing(9)+var(--header-height))] gmail-@w-xl/main:top-9"><di=
v class=3D"gmail-absolute end-0 gmail-bottom-0 gmail-flex gmail-h-9 gmail-i=
tems-center gmail-pe-2"><div class=3D"gmail-bg-token-bg-elevated-secondary =
gmail-text-token-text-secondary gmail-flex gmail-items-center gmail-gap-4 g=
mail-rounded-sm gmail-px-2 gmail-font-sans gmail-text-xs"></div></div></div=
><div class=3D"gmail-overflow-y-auto gmail-p-4" dir=3D"ltr"><code class=3D"=
gmail-whitespace-pre!"><span><span>Issue Type: Apache Mod Negotiation Expos=
ed Files

</span><span><span class=3D"gmail-hljs-section">Technology: HTTP / Apache</=
span></span><span>

</span><span><span class=3D"gmail-hljs-section">Severity: Low</span></span>=
<span>

Affected Host:
</span><span><span class=3D"gmail-hljs-section"><a href=3D"https://planet.n=
uug.no/index">https://planet.nuug.no/index</a></span></span><span>
[path=3D</span><span><span class=3D"gmail-hljs-string">&quot;/index&quot;</=
span></span><span>]
</span></span></code></div></div></pre>
<p>Description</p>
<p>Apache server directory listing is enabled, exposing files like <code>in=
dex.html</code> to public access.</p>
<p>Potential Risks</p>
<pre class=3D"gmail-overflow-visible! gmail-px-0!"><div class=3D"gmail-cont=
ain-inline-size gmail-rounded-2xl gmail-corner-superellipse/1.1 gmail-relat=
ive gmail-bg-token-sidebar-surface-primary"><div class=3D"gmail-sticky gmai=
l-top-[calc(--spacing(9)+var(--header-height))] gmail-@w-xl/main:top-9"><di=
v class=3D"gmail-absolute end-0 gmail-bottom-0 gmail-flex gmail-h-9 gmail-i=
tems-center gmail-pe-2"><div class=3D"gmail-bg-token-bg-elevated-secondary =
gmail-text-token-text-secondary gmail-flex gmail-items-center gmail-gap-4 g=
mail-rounded-sm gmail-px-2 gmail-font-sans gmail-text-xs"></div></div></div=
><div class=3D"gmail-overflow-y-auto gmail-p-4" dir=3D"ltr"><code class=3D"=
gmail-whitespace-pre!"><span><span>Exposure </span><span><span class=3D"gma=
il-hljs-keyword">of</span></span><span> </span><span><span class=3D"gmail-h=
ljs-type">internal</span></span><span> files

Information disclosure about </span><span><span class=3D"gmail-hljs-keyword=
">server</span></span><span> structure

Increased attack surface </span><span><span class=3D"gmail-hljs-keyword">fo=
r</span></span><span> attackers
</span></span></code></div></div></pre>
<p>Recommended Remediation</p>
<pre class=3D"gmail-overflow-visible! gmail-px-0!"><div class=3D"gmail-cont=
ain-inline-size gmail-rounded-2xl gmail-corner-superellipse/1.1 gmail-relat=
ive gmail-bg-token-sidebar-surface-primary"><div class=3D"gmail-sticky gmai=
l-top-[calc(--spacing(9)+var(--header-height))] gmail-@w-xl/main:top-9"><di=
v class=3D"gmail-absolute end-0 gmail-bottom-0 gmail-flex gmail-h-9 gmail-i=
tems-center gmail-pe-2"><div class=3D"gmail-bg-token-bg-elevated-secondary =
gmail-text-token-text-secondary gmail-flex gmail-items-center gmail-gap-4 g=
mail-rounded-sm gmail-px-2 gmail-font-sans gmail-text-xs"></div></div></div=
><div class=3D"gmail-overflow-y-auto gmail-p-4" dir=3D"ltr"><code class=3D"=
gmail-whitespace-pre!"><span><span><span class=3D"gmail-hljs-keyword">Disab=
le</span></span><span> directory listing </span><span><span class=3D"gmail-=
hljs-keyword">in</span></span><span> Apache </span><span><span class=3D"gma=
il-hljs-keyword">configuration</span></span><span>

Use proper file permissions

Regularly audit publicly accessible directories
</span></span></code></div></div></pre>
<p>Best regards,<br>
Keyur Maheta</p>

</div>

--000000000000b9769e0648cdd3e2--