Directory Listing. [https://torproject.org/]
A misconfigured server can show a directory listing, which could potentially yield sensitive information to an attacker.
Read More at : http://cwe.mitre.org/data/definitions/548.html and https://www.owasp.org/index.php/OWASP_Periodic_Table_of_Vulnerabilities_-_Directory_Indexing
The Website https://torproject.org have a Vulnerability of Directory Listing Which may Loss Some Certain DATA and the Data may Loss to the Attacker. Directory Listing is not Much Vulnerable But Information may Be loss and if the Attacker Try to Tunnel Some Directory so that Information May Leak to which is Critical.
Exmaple :
https://torproject.org/js/
https://torproject.org/css/
https://torproject.org/docs/
https://torproject.org/images/
https://torproject.org/include/
This All are Visible to the Normal User which is not good fro the Respective Org. The Hard-Work of Developer for Writing the CSS or JS is wasted.
Rather than That https://torproject.org/cgi-bin/ https://torproject.org/server-status/
But if Attacker Try to tunnel this respective Websites he/she will be able to grab the Details of the Website. It can Play Major Vulnerability and a normal Vulnerability to.
For Patching : The Developer just have to host a File to the Server Which is .htaccess This File will Restrict all the Directory to a Normal User or a Web-Surfer and if Attacker try to Tunnel it he/she will Grab Nothing.
Please Patch it Soon.
ThankYou Dhiraj Mishra.
Trac:
Username: Dhiraj