Details
Alert ID 110009
Alert Type Passive
Status alpha
Risk Low
CWE 209
WASC 13
Technologies Targeted All
Tags CWE-209
OWASP_2017_A06
OWASP_2021_A05
OWASP_2025_A02
POLICY_DEV_STD
POLICY_PENTEST
POLICY_QA_STD
WSTG-V42-ERRH-01
More Info Scan Rule Help

Summary

The full path of files which might be sensitive has been exposed to the client.

Solution

Disable directory browsing in your web server. Refer to the web server documentation.

Other Info

References

Code

org/zaproxy/zap/extension/pscanrulesAlpha/FullPathDisclosureScanRule.java