
Root Dot Dot
The scan engine succeeded in accessing the directory above the root directory
of the server. The WWW server returned a listing of this directory. A potential
intruder could obtain a listing of the directory above the directory set aside
for WWW files. This would provide additional information for planning an
attack, or could allow an intruder to download files elsewhere in the file system.
Risk: Medium
Fix: Check with the vendor and documentation of your WWW server software for
information on correct configuration. If necessary, install a more recent (and
secure) version of the server.