Detail

Directory Listing (Tomcat)

Severity: Information

Summary #

Invicti identified a Directory Listing (Tomcat).

The web server responded with a list of files located in the target directory.

Impact #
An attacker can see the files located in the directory and could potentially access files which disclose sensitive information.
Actions To Take #
  1. Change your web.xml file. A secure configuration for the requested directory should be similar to the following: 
    <init-param>
    <param-name>listings</param-name>
    <param-value>false</param-value>
</init-param>
  2. Configure the web server to disallow directory listing requests.
  3. Ensure that the latest security patches have been applied to the web server and the current stable version of the software is in use.
Classifications #
CAPEC-127; CWE-548; ISO27001-A.9.4.1; WASC-16; OWASP PC-C6; OWASP 2013-A5; OWASP 2017-A6 , CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
Vulnerability Index

Vulnerability Index

You can search and find all vulnerabilities

Select Category

OR

Search Vulnerability

Tags

OWASP 2013-A5  OWASP 2017-A6 

Related Vulnerabilities

Netsparker

Dead accurate, fast & easy-to-use Web Application Security Scanner

Get a demo

Invicti Security Corp
220 Industrial Blvd Ste 102
Austin, TX 78745

© Invicti 2022

RESOURCES

USE CASES

WEB SECURITY

COMPANY

© Invicti 2022

SSA Privacy Policy California Privacy Rights Terms of Use Accessibility Sitemap