IGEL OS flagged by a vulnerablity scan to have the following feature turned off “web server directory indexing”


Hello! We have had our IGELs flagged by a vulnerablity scan to have the following feature turned off “web server directory indexing”. Are there any adverse effects of turning this off on the igel stations for Apache and the IIS server

Learn more, read the entire thread inside the IGEL Community o Slack

Hello, is it meant by UMS or Igel OS Device?


This was reported for the igel OS as wells as UMS from what we are being told by the security scans.

Do you happen to know if the IGEL ios runs Apache on them by default ? (sorry i’m a bit newer to IGEL as a whole)


We run Tomcat, but there isn’t a supported way to disable that. Is there a way to explain why it is shown up as vulnerability?


I just reached back out to the Client who is running this and it is flagged as a low security risk vulnerability 101049 – but they still want to mitigate the issue by having the indexing feature turned off.

i was able to see some info on this site about tomcat: www.netsparker.com/blog/web-security/disable-directory-listing-web-servers/

but i’m not sure if this is something that iGELs would support and be able to push out through UMS


I wouldn’t recommend to turn off that features since they are needed partially from our Products. I will ask our devs.


Thank you, if there is any decimation on this, please also provide me that info so i can go over this with our client! I appreciate the fast turnaround Sebastien, you rock!

Hey , just wondering if you have heard anything back from the development team?

Hello, is there any update on this ? Should i open a ticket with iGEL vs using slack?


No, sorry, our devs are mostly on vacation but I received a feedback that you may open a ticket and see if it could get evaluated in a Feature request.


Thank you for the update. i will open a ticket about this. For now, its unknown how the igels will handle having this feature disabled, is that correct?


Exactly!

Continue reading and comment on the thread ‘IGEL OS flagged by a vulnerablity scan to have the following feature turned off “web server directory indexing”‘.  Not a member? Join Here!

Learn more, search the IGEL Knowledge Base



Ask a question or comment on the above message thread?

Join or log in to the IGEL Community to ask us anything and meet other IGEL customers, partners, and EUC enthusiasts.

Submit a question, or Join Today!


Popular Message Threads


Categories & Tags: