OWASP Periodic Table of Vulnerabilities - Directory Indexing

Root Cause Summary
A misconfigured server can show a directory listing, which could potentially yield sensitive information to an attacker.

Browser / Standards Solution
None

Perimeter Solution
Disable directory listings in the web- or application-server configuration by default. Restrict access to unnecessary directories and files. Create an index (default) file for each directory.

Complexity: Low Impact: Medium

Generic Framework Solution


Complexity: High/Medium/Low Impact: High/Medium/Low

Custom Framework Solution
None

Custom Code Solution
None

Discussion / Controversy
None