Directory Listing (Lighttpd)
Summary#
Invicti identified a Directory Listing (lighttpd).
The web server responded with a list of files located in the target directory.
Impact#
An attacker can see the files located in the directory and could potentially access files which disclose sensitive information.
Actions To Take#
- Change your
lighttpd.conf
file. A secure configuration for the requested directory should be similar to the following:dir-listing.activate = "disable"
- Configure the web server to disallow directory listing requests.
- Ensure that the latest security patches have been applied to the web server and the current stable version of the software is in use.