Full Path Disclosure

Docs > Alerts

Details
Alert ID	110009
Alert Type	Passive
Status	alpha
Risk	Low
CWE	209
WASC	13
Technologies Targeted	All
Tags	CWE-209 OWASP_2021_A05 WSTG-V42-ERRH-01
More Info	Scan Rule Help

Summary

The full path of files which might be sensitive has been exposed to the client.

Solution

Disable directory browsing in your web server. Refer to the web server documentation.

Other Info

References

https://owasp.org/www-community/attacks/Full_Path_Disclosure

Code

org/zaproxy/zap/extension/pscanrulesAlpha/FullPathDisclosureScanRule.java