Details
Alert Id 10033
Alert Type Passive
Status release
Risk
CWE
WASC
Technologies Targeted All
Tags OWASP_2017_A06, OWASP_2021_A05

Summary

It is possible to view a listing of the directory contents. Directory listings may reveal hidden scripts, include files, backup source files, etc., which can be accessed to reveal sensitive information.

Solution

Configure the web server to disable directory browsing.
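
To confirm that directory browsing is off after the configuration change, the following added example (not the ZAP scan rule's code) matches response bodies against markers of common default auto-index pages. The signature list, the function names and the sample responses are assumptions constructed for illustration.

```python
import re

# Markers of common default auto-index pages (assumed set, not exhaustive).
# Anchored to <title> or the parent-directory link so that ordinary pages
# which merely mention "Index of /" in their text do not match.
SIGNATURES = [
    ("apache/nginx autoindex",
     re.compile(r"<title>\s*Index of /[^<]*</title>", re.I)),
    ("iis directory browse",
     re.compile(r'<a\s+href="[^"]*">\s*\[To Parent Directory\]\s*</a>', re.I)),
    ("python http.server",
     re.compile(r"<title>\s*Directory listing for /[^<]*</title>", re.I)),
]

def detect_listing(status, content_type, body):
    """Return the name of the matched signature, or None if no listing is seen."""
    # A listing is a successful HTML response; 403/404 means browsing is off.
    if status != 200 or "html" not in content_type.lower():
        return None
    for name, pattern in SIGNATURES:
        if pattern.search(body):
            return name
    return None

# Constructed sample responses: (status, Content-Type, body).
SAMPLES = {
    "/backup/": (200, "text/html; charset=UTF-8",
                 "<html><head><title>Index of /backup</title></head><body>"
                 "<h1>Index of /backup</h1><a href=\"db.sql.bak\">db.sql.bak</a>"),
    "/files/": (200, "text/html",
                "<pre><A HREF=\"/\">[To Parent Directory]</A><br><br>"
                " 1/2/2024 10:00 AM 512 <A HREF=\"/files/web.config.old\">web.config.old</A>"),
    "/blog/fix": (200, "text/html",
                  "<title>Fixing exposed listings</title><p>Look for Index of / pages.</p>"),
    "/inc/": (403, "text/html", "<title>403 Forbidden</title>"),
}

def scan_samples():
    """Map each sample path to the matched signature name (or None)."""
    return {path: detect_listing(*resp) for path, resp in SAMPLES.items()}

if __name__ == "__main__":
    for path, hit in scan_samples().items():
        print(f"{path:12} {'LISTING: ' + hit if hit else 'ok'}")
```
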

References

Code

org/zaproxy/zap/extension/pscanrules/DirectoryBrowsingScanRule.java