Description

This web server is responding with a directory listing when the Host header is manipulated and various common virtual hosts and/or IP addresses are tested. This is a web server misconfiguration and should be fixed as it may disclose sensitive information to an attacker. Consult Attack details for more information.

Remediation

Fix virtual hosts configuration to resolve this problem.

References

Running several name-based web sites on a single IP address.

Related Vulnerabilities

Atlassian Confluence information disclosure

WordPress Plugin WP-DBManager 'wp-config.php' Arbitrary File Download (2.60)

WordPress Plugin Page Flip Image Gallery 'book_id' Parameter Remote File Disclosure (0.2.2)

Drupal Backup Migrate directory publicly accessible

Laravel Terminal open

Severity

Medium

Classification

CWE-538 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Directory Listing