MY_IP_ADDRESS/tmp on port 80 found on a vulnerability PCI scan

I had a vulnerability scan fail because apparently there is a /tmp available on my server IP on port 80.

If I visit the page it is just blank.

Running Virtualmin on Centos 7, apache server.

Any thoughts?

Thank you


Never mind, looks like one of my sites running on virtualmin was somehow allowing port 80 with a direct IP… Not sure how but deleted the directory.