Details
Alert Id: 0
Alert Type: Active
Status: release
Risk: Medium
CWE: 548
WASC: 48
Tags: OWASP_2017_A05, OWASP_2021_A01

Summary

It is possible to view the directory listing. A directory listing may reveal hidden scripts, include files, backup source files, etc., which can be accessed to read sensitive information.

Solution

Disable directory browsing. If directory browsing is required, make sure the listed files do not introduce risk.
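
One way to confirm that directory browsing is really off after the change, as an added example that is not the ZAP rule's code or part of this page: the check below flags responses that look like auto-generated index pages and names the setting that disables them. The marker patterns, the sample responses and the function names are assumptions made for illustration.

```python
import re

# Assumed markers of auto-generated index pages, paired with the setting that
# turns the listing off. They are illustrative, not the ZAP rule's patterns.
SIGNATURES = [
    ("Apache/nginx autoindex",
     re.compile(r"<title>\s*Index of /[^<]*</title>", re.I),
     "Apache: Options -Indexes | nginx: autoindex off;"),
    ("IIS directory browsing",
     re.compile(r"\[To Parent Directory\]", re.I),
     'IIS: <directoryBrowse enabled="false" />'),
]

def detect_listing(status, body):
    """Return (marker, evidence, fix) when a response is an index page, else None."""
    if status != 200:  # with listing off, a bare directory typically answers 403 or 404
        return None
    for marker, pattern, fix in SIGNATURES:
        match = pattern.search(body)
        if match:
            return marker, match.group(0), fix
    return None

def audit(responses):
    """Map each flagged path to its finding; responses are (path, status, body)."""
    findings = {}
    for path, status, body in responses:
        hit = detect_listing(status, body)
        if hit:
            findings[path] = hit
    return findings

# Constructed sample responses (not captured from any real host).
SAMPLES = [
    ("/backup/", 200, "<html><head><title>Index of /backup</title></head>"
                      "<body><h1>Index of /backup</h1>"
                      '<a href="db.sql.bak">db.sql.bak</a></body></html>'),
    ("/files/", 200, "<html><head><title>example.test - /files/</title></head>"
                     '<body><pre><a href="/">[To Parent Directory]</a></pre></body></html>'),
    ("/static/", 403, "<html><head><title>403 Forbidden</title></head></html>"),
    ("/blog/", 200, "<html><head><title>Blog</title></head>"
                    '<body><p>An "Index of /" page lists files.</p></body></html>'),
]

if __name__ == "__main__":
    for path, (marker, evidence, fix) in audit(SAMPLES).items():
        print(f"{path}: {marker} ({evidence!r}) -> {fix}")
```

The `/blog/` sample shows why the match is tied to the page title rather than to the phrase alone: ordinary content that mentions "Index of /" is not reported.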

References

Code

org/zaproxy/zap/extension/ascanrules/DirectoryBrowsingScanRule.java