Difference between revisions of "OWASP Periodic Table of Vulnerabilities - Directory Indexing"
(Created page with "== Directory Indexing == === Root Cause Summary === A misconfigured server can show a directory listing, which could potentially yield sensitive information to an attacker. ...") |
Line 8: | Line 8: | ||
=== Perimeter Solution === | === Perimeter Solution === | ||
− | Disable directory listings in the web- or application-server configuration by default. | + | * Disable directory listings in the web- or application-server configuration by default. |
− | Restrict access to unnecessary directories and files. | + | * Restrict access to unnecessary directories and files. |
− | Create an index (default) file for each directory. | + | * Create an index (default) file for each directory. |
Complexity: Low<br> | Complexity: Low<br> | ||
− | Impact: | + | Impact: Low |
=== Generic Framework Solution === | === Generic Framework Solution === | ||
− | + | None | |
− | |||
− | |||
− | |||
=== Custom Framework Solution === | === Custom Framework Solution === | ||
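Review bot: The three Perimeter Solution bullets do not say whether they are alternatives or are all required, and "by default" in the first bullet leaves open when a listing may be turned back on. Suggest a one-line lead-in such as "Apply all of the following:" above the list and, since this hunk also fills in "Impact: Low", a short reason for that rating.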
Line 32: | Line 29: | ||
=== References === | === References === | ||
[http://cwe.mitre.org/data/definitions/548.html Information Exposure Through Directory Listing (Mitre)]<br> | [http://cwe.mitre.org/data/definitions/548.html Information Exposure Through Directory Listing (Mitre)]<br> | ||
− | [https://www.owasp.org/index.php/Top_10_2010-A6-Security_Misconfiguration Security Misconfiguration (OWASP)] | + | [https://www.owasp.org/index.php/Top_10_2010-A6-Security_Misconfiguration Security Misconfiguration (OWASP)]<br> |
+ | [https://www.owasp.org/index.php/File_System#Insecure_Indexing Insecure Indexing (OWASP)] |
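Review bot: The added Insecure Indexing reference, like the Security Misconfiguration entry above it, is written as an external https://www.owasp.org/index.php/... URL although it appears to point at a page on this same wiki; an internal link such as [[File System#Insecure Indexing]] would keep working if the host or path changes. The Mitre entry in the same list is on http:// while the two OWASP entries use https://, so the scheme could be made consistent in the same edit.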
Revision as of 02:51, 14 May 2013
Directory Indexing
Root Cause Summary
A misconfigured server can show a directory listing, which could potentially yield sensitive information to an attacker.
Browser / Standards Solution
None
Perimeter Solution
- Disable directory listings in the web- or application-server configuration by default.
- Restrict access to unnecessary directories and files.
- Create an index (default) file for each directory.
Complexity: Low
Impact: Low
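An added example (not part of the original page or any OWASP tooling) that audits for the first and third perimeter measures above: it flags configuration lines that enable listings and finds directories with no default file. The Apache `Options`/`Indexes` and nginx `autoindex` directives are real; the sample configs, function names and list of index file names are assumptions made for illustration.

```python
import os
import re

# Constructed sample configs (not from the page) used to exercise the checks.
SAMPLE_APACHE = """\
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
</Directory>
<Directory "/var/www/html/uploads">
    Options -Indexes
</Directory>
<Directory "/var/www/legacy">
    Options All
</Directory>
"""
SAMPLE_NGINX = """\
location /files/ {
    autoindex on;
}
location /static/ {
    autoindex off;  # explicit; off is also the nginx default
}
"""

def apache_listing_lines(text):
    """Line numbers of Options directives that leave Indexes enabled."""
    hits = []
    for no, raw in enumerate(text.splitlines(), 1):
        m = re.match(r"\s*options\s+(.+)", raw, re.IGNORECASE)
        if not m:
            continue
        flags = [f.lower() for f in m.group(1).split()]
        # "Indexes"/"+Indexes" enable listings; "All" includes Indexes.
        enabled = any(f in ("indexes", "+indexes", "all") for f in flags)
        if enabled and "-indexes" not in flags:
            hits.append(no)
    return hits

def nginx_listing_lines(text):
    """Line numbers where autoindex is switched on (comments stripped)."""
    return [no for no, raw in enumerate(text.splitlines(), 1)
            if re.match(r"\s*autoindex\s+on\s*;", raw.split("#", 1)[0])]

def dirs_without_index(root, names=("index.html", "index.htm", "index.php")):
    """Directories under root with no default file (candidates for a listing)."""
    return sorted(d for d, _, files in os.walk(root)
                  if not any(n in files for n in names))

if __name__ == "__main__":
    print("apache:", apache_listing_lines(SAMPLE_APACHE))
    print("nginx:", nginx_listing_lines(SAMPLE_NGINX))
```

A directory reported by `dirs_without_index` is only exposed if the server also has listings enabled for it, so the two config checks are the primary signal.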
Generic Framework Solution
None
Custom Framework Solution
None
Custom Code Solution
None
Discussion / Controversy
None
References
Information Exposure Through Directory Listing (Mitre)
Security Misconfiguration (OWASP)
Insecure Indexing (OWASP)