Title : "Browsable Web Directories"
Threat: The GRCP review team observed that the remote web server is configured to allow listing of directories. As a result, the internal scripts of webserver can be reveal.
Impact: A remote attacker might able to view the contents/scripts of directory on the web server, which might expose some sensitive information of web server.
Recommendation: It is recommended to disable directory listing by creating an empty index file in the relevant directory or disabling directory listing from the Directory Browsing settings in the IIS manager console.
Release : 4.3
Component : CA SOFTWARE ASSET MANAGER
Please disable the directory listing by following above documented steps to address the vulnerability.