| Details | |
|---|---|
| Alert Id | 0 |
| Alert Type | Active |
| Status | release |
| Risk | Medium |
| CWE | 548 |
| WASC | 48 |
| Technologies Targeted | All |
| Tags |
CWE-548 OWASP_2017_A05 OWASP_2021_A01 |
Summary
It is possible to view the directory listing. Directory listing may reveal hidden scripts, include files, backup source files, etc. which can be accessed to read sensitive information.
Solution
Disable directory browsing. If this is required, make sure the listed files does not induce risks.Other Info
References
- http://httpd.apache.org/docs/mod/core.html#options
- http://alamo.satlug.org/pipermail/satlug/2002-February/000053.html