Description

This web server is responding with a directory listing when the Host header is manipulated and various common virtual hosts and/or IP addresses are tested. This is a web server misconfiguration and should be fixed as it may disclose sensitive information to an attacker. Consult Attack details for more information.

Remediation

Fix virtual hosts configuration to resolve this problem.

References

Running several name-based web sites on a single IP address.

Related Vulnerabilities

WordPress Plugin Paid Memberships Pro-Restrict Member Access to Content, Courses, Communities-Free or Paid Subscriptions Information Disclosure (2.5.2)

Tiki Wiki CMS: Remote Code Execution via Calendar Module

WordPress Plugin S3Bubble Cloud Video With Adverts & Analytics Arbitrary File Download (0.7)

WordPress Plugin Easy Digital Downloads-Simple eCommerce for Selling Digital Files Information Disclosure (2.7.6)

ASP.NET connection strings stored in plaintext

Severity

Medium

Classification

CWE-538 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Directory Listing