STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to VMware vRealize Automation 7.x Lighttpd Security Technical Implementation Guide

V-240255

CAT II (Medium)

Lighttpd must disable directory browsing.

Rule ID

SV-240255r879655_rule

STIG

VMware vRealize Automation 7.x Lighttpd Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-001312

Discussion

If not disabled, the directory listing feature can be used to facilitate a directory traversal exploit. Directory listing must be disabled. Lighttpd provides a configuration setting, dir-listing.activate, that must be set properly in order to globally disable directory listing.

Check Content

At the command prompt, execute the following command:

grep '^dir-listing.activate' /opt/vmware/etc/lighttpd/lighttpd.conf

If the value for "dir-listing.activate" is not set to "disable", this is a finding.

Fix Text

Navigate to and open /opt/vmware/etc/lighttpd/lighttpd.conf

Configure the "lighttpd.conf" file with the following:

 dir-listing.activate  = "disable"