Directory Listing

Impact: Low

Description

Directory listing, when enabled, exposes the complete index of resources within a directory to potential attackers. This can lead to unauthorized access to sensitive files and directories, depending on what is listed and accessible.

Recommendation

To mitigate the risk of information disclosure, either create a default index file (e.g., index.html) within directories or disable directory listing in the web server configurations.

References

CWE-200
CWE-548
OWASP 2021-A5

👉 You might also like:

Directory Listing of Sensitive Files - Vulnerability

Microsoft IIS Tilde Directory Enumeration - Vulnerability

Apache Version Disclosure - Vulnerability

ASP.NET Version Disclosure - Vulnerability

Last updated on May 13, 2024

Directory Listing

Description

Recommendation

References

Use SmartScanner Free version to test for this issue