Detail

Directory Listing (Nginx)

Severity: Information

Summary

Netsparker identified a directory listing (Nginx).

The web server responded with a list of files located in the target directory.

Impact
An attacker can see the files located in the directory and could potentially access files which disclose sensitive information.
Actions To Take
  1. Change your nginx.conf file. A secure configuration for the requested directory should be similar to the following:
    location /{YOUR DIRECTORY} {
    autoindex off; 
}
  2. Configure the web server to disallow directory listing requests.
  3. Ensure that the latest security patches have been applied to the web server and the current stable version of the software is in use.
Classifications
CAPEC-127, WASC-16, OWASP PC-C6, OWASP 2013-A5 , CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
Vulnerability Index

Vulnerability Index

You can search and find all vulnerabilities

Select Category

OR

Search Vulnerability

Netsparker

Dead accurate, fast & easy-to-use Web Application Security Scanner

GET A DEMO

NETSPARKER

WEB SECURITY

COMPANY

Netsparker Ltd

  • United Kingdom, (reg. no. 06947644)
  • USA Office: +1 415 877 4450
  • UK Office: +44 (0)20 3588 3840
  • contact@netsparker.com
Copyright © 2018 Netsparker Ltd. All rights reserved. | Privacy Policy