This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
OWASP Periodic Table of Vulnerabilities - Directory Indexing
From OWASP
Revision as of 02:48, 14 May 2013 by Peter Mosmans (talk | contribs) (Created page with "== Directory Indexing == === Root Cause Summary === A misconfigured server can show a directory listing, which could potentially yield sensitive information to an attacker. ...")
Directory Indexing
Root Cause Summary
A misconfigured server can show a directory listing, which could potentially yield sensitive information to an attacker.
Browser / Standards Solution
None
Perimeter Solution
Disable directory listings in the web- or application-server configuration by default.
Restrict access to unnecessary directories and files.
Create an index (default) file for each directory.
Complexity: Low
Impact: Medium
Generic Framework Solution
<generic framework solutions here>
Complexity: High/Medium/Low
Impact: High/Medium/Low
Custom Framework Solution
None
Custom Code Solution
None
Discussion / Controversy
None
References
Information Exposure Through Directory Listing (Mitre)
Security Misconfiguration (OWASP)