Directory listing


(Live Blog) #1

Can anyone help with disabling directory listing?

Our scan is failing with the following error:

PCI COMPLIANCE STATUS
PCI Severity:
The QID adheres to the PCI requirements based on the CVSS basescore.
Automatic Failure: Directory traversal on web server
VULNERABILITY DETAILS
CVSS Base Score: 5 AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS Temporal Score: 4.5 E:POC/RL:U/RC:C
Severity: 2
QID: 150023
Category: Web Application
CVE ID: -
Vendor Reference: -
Bugtraq ID: -
Last Update: 09/13/2018
THREAT:
The Web server presents a directory listing.
IMPACT:
All file names in this directory are exposed.
SOLUTION:
The presence of a browseable directory does not necessarily imply a vulnerability. Determine if the directory listing is intended to be displayed. Verify
that no files in the directory contain content that should not be served by the Web application.
RESULT:
url: https://192.x.x.xicons/.
Payload: https://192.x.x.x/icons/.
matched:

Index of /icons

(Lukas Winkler) #2

Hi,

How to disable directory listing totally depends on which webserver you are using. I’d recommend that you look up the documentation for your webserver about this topic.
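
As an added example (not part of the thread, and not code from either poster): a small config check that flags the directives which turn automatic listings on, for the two servers assumed here, Apache httpd (`Options Indexes`, fixed with `Options -Indexes`) and nginx (`autoindex on;`, fixed with `autoindex off;`). The thread does not say which server is in use; the sample configs and the `/path/to/...` paths are constructed placeholders, and the check looks at each line on its own without resolving how Apache merges `Options` across nested sections.

```python
import re

# Directives that enable automatic directory listings:
#   Apache httpd: "Options" containing Indexes, +Indexes or All (mod_autoindex)
#   nginx:        "autoindex on;" (ngx_http_autoindex_module)
APACHE_OPTIONS = re.compile(r"^\s*Options\s+(.+)$", re.IGNORECASE)
NGINX_AUTOINDEX = re.compile(r"^\s*autoindex\s+on\s*;", re.IGNORECASE)

def find_listing_directives(config_text):
    """Return (line_no, server, directive) for every line that enables listings."""
    findings = []
    for line_no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()  # ignore comments
        match = APACHE_OPTIONS.match(line)
        if match:
            flags = {flag.lower() for flag in match.group(1).split()}
            # "-Indexes" is the fix, so it is deliberately not in this set.
            if flags & {"indexes", "+indexes", "all"}:
                findings.append((line_no, "apache", line.strip()))
        elif NGINX_AUTOINDEX.match(line):
            findings.append((line_no, "nginx", line.strip()))
    return findings

# Constructed sample: one section with listings on, one with the fix applied.
SAMPLE_APACHE = '''\
Alias /icons/ "/path/to/icons/"
<Directory "/path/to/icons">
    Options Indexes MultiViews
    Require all granted
</Directory>
<Directory "/path/to/htdocs">
    Options -Indexes +FollowSymLinks
</Directory>
'''

# Constructed sample: the nginx equivalent.
SAMPLE_NGINX = '''\
location /icons/ {
    autoindex on;   # listing enabled
}
location /static/ {
    autoindex off;
}
'''

if __name__ == "__main__":
    for name, text in (("apache", SAMPLE_APACHE), ("nginx", SAMPLE_NGINX)):
        for line_no, server, directive in find_listing_directives(text):
            print(f"{name} sample, line {line_no}: {directive}")
```

After changing the flagged directive and reloading the server, request the URL from the scan result again and confirm the response no longer contains the "Index of /icons" page.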