This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP Periodic Table of Vulnerabilities - Directory Indexing"
From OWASP
James Landis (talk | contribs) |
|||
(One intermediate revision by the same user not shown) | |||
Line 1: | Line 1: | ||
+ | [[OWASP_Periodic_Table_of_Vulnerabilities#Periodic_Table_of_Vulnerabilities|Return to Periodic Table Working View]] | ||
+ | |||
== Directory Indexing == | == Directory Indexing == | ||
Line 11: | Line 13: | ||
* Restrict access to unnecessary directories and files. | * Restrict access to unnecessary directories and files. | ||
* Create an index (default) file for each directory. | * Create an index (default) file for each directory. | ||
− | |||
− | |||
− | |||
=== Generic Framework Solution === | === Generic Framework Solution === |
Latest revision as of 19:06, 15 May 2013
Return to Periodic Table Working View
Directory Indexing
Root Cause Summary
A misconfigured server can show a directory listing, which could potentially yield sensitive information to an attacker.
Browser / Standards Solution
None
Perimeter Solution
- Disable directory listings in the web- or application-server configuration by default.
- Restrict access to unnecessary directories and files.
- Create an index (default) file for each directory.
Generic Framework Solution
None
Custom Framework Solution
None
Custom Code Solution
None
Discussion / Controversy
None
References
Information Exposure Through Directory Listing (Mitre)
Security Misconfiguration (OWASP)
Insecure Indexing (OWASP)