Invicti identified a Directory Listing (Tomcat).
The web server responded with a list of files located in the target directory.
- Change your
web.xmlfile. A secure configuration for the requested directory should be similar to the following:
<init-param> <param-name>listings</param-name> <param-value>false</param-value> </init-param>
- Configure the web server to disallow directory listing requests.
- Ensure that the latest security patches have been applied to the web server and the current stable version of the software is in use.