Magento Directory Listing

medium Web Application Scanning Plugin ID 98986

Synopsis

Magento Directory Listing

Description

The scanner has detected publicly accessible directory listings on the Magento web application. These listings may expose sensitive information to an attacker and may allow further exploitation techniques to be leveraged, possibly leading to sensitive information leakage or a compromise of the target server.

Solution

Ensure that requests to sensitive resources and directories are blocked, for example by using .htaccess files or a WAF.

See Also

https://docs.magento.com/m1/ce/user_guide/magento/magento-security-best-practices.html

Plugin Details

Severity: Medium

ID: 98986

Type: remote

Published: 3/20/2020

Updated: 11/26/2021

Scan Template: scan, pci

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: Tenable

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS Score Source: Tenable

Reference Information