[Original text] Find-By-Content in Mac OS X 10.0 through 10.0.4 creates world-readable index files named .FBCIndex in every directory, which allows remote attackers to learn the contents of files in web accessible directories.
Apple Mac OS X Find-By-Content .FBCIndex Web File Content Disclosure
Remote / Network Access
Loss of Confidentiality
Mac OS X contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a .FBCIndex file is created by the Finder in the root of a web-accessible directory. The file discloses file content information, resulting in a loss of confidentiality.
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s):
Use a <FilesMatch> directive in httpd.conf to restrict access to 'hidden' files (names beginning with a dot):

    <FilesMatch "^\.">
        Order allow,deny
        Deny from all
    </FilesMatch>
Restart Apache after the changes to the configuration file.
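
Added example, not part of the original advisory: a shell check that lists world-readable .FBCIndex files under a web document root, so the exposure described above can be confirmed on the server that holds the files. The document-root path given as the argument is an assumption, as are the function names.

```shell
#!/bin/sh
# Audit a web document root for Find-By-Content index files (.FBCIndex).
# Usage (path is an assumed example): sh audit_fbcindex.sh /path/to/docroot

# Print every .FBCIndex under "$1" whose mode grants read to "other".
find_exposed_fbcindex() {
    find "$1" -type f -name '.FBCIndex' -perm -004 -print 2>/dev/null | sort
}

# Report findings; return 1 if any world-readable index file exists, else 0.
audit_docroot() {
    root=$1
    exposed=$(find_exposed_fbcindex "$root")
    if [ -n "$exposed" ]; then
        printf 'world-readable .FBCIndex files under %s:\n%s\n' "$root" "$exposed"
        return 1
    fi
    printf 'no world-readable .FBCIndex files under %s\n' "$root"
    return 0
}

# Run the audit only when a document root was given on the command line.
if [ "$#" -gt 0 ]; then
    audit_docroot "$1"
fi
```

A non-zero exit status means at least one index file is still readable by everyone on the file system; the <FilesMatch> workaround blocks HTTP access to it but does not change the file's mode.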