Directory Listing (LigHTTPD)
Ibrahim Shaikh
pkeagle8 at gmail.com
Mon Apr 10 15:26:51 EDT 2017
Hello Pidgin.im Security,
I've detected a directory listing (lighttpd).The web server responded with
a list of files located in the target directory. An attacker can see the
files located in the directory and could potentially access files which
disclose sensitive information.
URL:
http://pidgin.im/shared/
Screeshot:
directorylistingpidgin.PNG
Remedy (Solutioin):
1. Change your lighttpd.conf file. A secure configuration for the
requested directory should be similar to the following:
dir-listing.activate = "disable"
2. Configure the web server to disallow directory listing requests.
3. Ensure that the latest security patches have been applied to the web
server and the current stable version of the software is in use.
Kind Regards,
Ibrahim Shaikh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pidgin.im/cgi-bin/mailman/private/security/attachments/20170410/c04ea9e4/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: directorylistingpidgin.PNG
Type: image/png
Size: 22565 bytes
Desc: not available
URL: <https://pidgin.im/cgi-bin/mailman/private/security/attachments/20170410/c04ea9e4/attachment-0001.png>
More information about the security
mailing list