Details
Alert Id 10033
Alert Type Passive Scan Rule
Status beta
Risk
CWE
WASC

Summary

It is possible to view a listing of the directory contents. Directory listings may reveal hidden scripts, include files, backup source files, etc., which can be accessed to reveal sensitive information.

Solution

Configure the web server to disable directory browsing.
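
One way to confirm that directory browsing is actually off after the configuration change is to passively classify saved responses, shown here as an added example that is not the ZAP rule's own code. The signature patterns, the risky-extension list and the sample responses are assumptions constructed for illustration.

```python
import re

# Assumed markers of auto-generated index pages (not taken from the ZAP rule).
LISTING_SIGNATURES = {
    "Apache/nginx autoindex": re.compile(r"<title>\s*Index of /[^<]*</title>", re.I),
    "IIS directory browsing": re.compile(r"\[To Parent Directory\]", re.I),
    "Python http.server": re.compile(r"<title>\s*Directory listing for /[^<]*</title>", re.I),
}
HREF = re.compile(r'<a\s+href\s*=\s*"([^"?#]+)"', re.I)
# Assumed extensions for the backup and include files the summary warns about.
RISKY_NAME = re.compile(r"(\.(bak|old|orig|swp|inc|sql|zip|tar\.gz|tgz)|~)$", re.I)

# Constructed sample responses (not captured from a real server).
APACHE_SAMPLE = """<html><head><title>Index of /backup</title></head><body>
<h1>Index of /backup</h1>
<a href="/">Parent Directory</a>
<a href="config.php.bak">config.php.bak</a>
<a href="db.inc">db.inc</a>
<a href="logo.png">logo.png</a>
</body></html>"""
IIS_SAMPLE = '<pre><A HREF="/">[To Parent Directory]</A><br><br></pre>'
FORBIDDEN_SAMPLE = "<html><body><h1>Forbidden</h1></body></html>"


def detect_listing(status, content_type, body):
    """Return the matched server family for a directory listing, else None."""
    # Only successful HTML responses can be an index page; a 403 or 404 on
    # the directory URL is what a server with browsing disabled returns.
    if status != 200 or "html" not in content_type.lower():
        return None
    for family, pattern in LISTING_SIGNATURES.items():
        if pattern.search(body):
            return family
    return None


def risky_entries(body):
    """List linked file names in a listing that look like backups or includes."""
    return [name for name in HREF.findall(body) if RISKY_NAME.search(name)]


if __name__ == "__main__":
    for status, body in ((200, APACHE_SAMPLE), (200, IIS_SAMPLE), (403, FORBIDDEN_SAMPLE)):
        family = detect_listing(status, "text/html", body)
        print(status, family, risky_entries(body) if family else [])
```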

References

Code

org/zaproxy/zap/extension/pscanrulesBeta/DirectoryBrowsingScanRule.java