Description
Directory listing, when enabled, exposes the complete index of resources within a directory to potential attackers. This can lead to unauthorized access to sensitive files and directories, depending on what is listed and accessible.
Recommendation
To mitigate the risk of information disclosure, either create a default index file (e.g., index.html) within directories or disable directory listing in the web server configurations.
References
Related Issues
- Directory Listing of Sensitive Files - Vulnerability
- Microsoft IIS Tilde Directory Enumeration - Vulnerability
- Apache Version Disclosure - Vulnerability
- ASP.NET Version Disclosure - Vulnerability
- Tags:
- Information Disclosure
- Directory Listing
- Web Server
Anything's wrong? Let us know Last updated on May 13, 2024