Details

Alert Id: 0
Alert Type: Active Scan Rule
Status: release
Risk: Medium
CWE: 548
WASC: 48

Summary

It is possible to view the directory listing. Directory listing may reveal hidden scripts, include files, backup source files, etc. which can be accessed to read sensitive information.

Solution

Disable directory browsing. If directory browsing is required, make sure the listed files do not introduce risk.
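
One way to confirm the fix on your own site, as an added example that is not code from ZAP's scan rule: it flags responses that still look like an auto-generated index page and, for listings that must stay enabled, picks out entries of the kinds the Summary names. The marker strings, the suffix list and the sample responses are assumptions constructed for illustration.

```python
import re

# Index-page markers: assumed common server defaults, not taken from ZAP's rule.
LISTING_MARKERS = {
    "apache/nginx autoindex": re.compile(r"<title>\s*Index of /", re.I),
    "iis": re.compile(r">\s*\[To Parent Directory\]\s*<", re.I),
    "python http.server": re.compile(r"<title>\s*Directory listing for /", re.I),
}
# Suffixes for the file kinds the Summary names (backup source, include files); assumed list.
RISKY_SUFFIXES = (".bak", ".old", ".orig", ".inc", ".swp", "~")
HREF = re.compile(r'href="([^"?#]+)"', re.I)  # skips "?C=N;O=D" style sort links


def listing_family(status, content_type, body):
    """Return the server family whose index page this looks like, else None."""
    if status != 200 or "html" not in content_type.lower():
        return None
    for family, marker in LISTING_MARKERS.items():
        if marker.search(body):
            return family
    return None


def risky_entries(body):
    """Entries of a listing that should not be exposed even if browsing is required."""
    return sorted(n for n in HREF.findall(body) if n.lower().endswith(RISKY_SUFFIXES))


def audit(responses):
    """Map each URL that still serves a listing to (family, risky entries)."""
    findings = {}
    for url, status, ctype, body in responses:
        family = listing_family(status, ctype, body)
        if family:
            findings[url] = (family, risky_entries(body))
    return findings


# Constructed sample responses: (url, status, content-type, body).
SAMPLE = [
    ("https://app.example/files/", 200, "text/html;charset=UTF-8",
     '<html><head><title>Index of /files</title></head><body><h1>Index of /files</h1>'
     '<a href="?C=N;O=D">Name</a><a href="../">../</a><a href="report.pdf">report.pdf</a>'
     '<a href="config.php.bak">config.php.bak</a><a href="db.inc">db.inc</a></body></html>'),
    ("https://app.example/img/", 403, "text/html", "<title>403 Forbidden</title>"),
    ("https://app.example/blog/7", 200, "text/html",
     "<title>Hardening notes</title><p>Pages titled Index of / are a warning sign.</p>"),
]

if __name__ == "__main__":
    for url, (family, risky) in audit(SAMPLE).items():
        print(url, family, risky)
```

The title-anchored markers keep an ordinary page that merely mentions "Index of /" from being flagged; a directory that returns 403 after the change drops out of the findings.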

References

Code

org/zaproxy/zap/extension/ascanrules/DirectoryBrowsingScanRule.java