Difference between revisions of "OWASP Periodic Table of Vulnerabilities - Directory Indexing"

From OWASP
Jump to: navigation, search
(Created page with "== Directory Indexing == === Root Cause Summary === A misconfigured server can show a directory listing, which could potentially yield sensitive information to an attacker. ...")
 
 
(2 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 +
[[OWASP_Periodic_Table_of_Vulnerabilities#Periodic_Table_of_Vulnerabilities|Return to Periodic Table Working View]]
 +
 
== Directory Indexing ==
 
== Directory Indexing ==
  
Line 8: Line 10:
  
 
=== Perimeter Solution ===
 
=== Perimeter Solution ===
Disable directory listings in the web- or application-server configuration by default.<br>
+
* Disable directory listings in the web- or application-server configuration by default.
Restrict access to unnecessary directories and files.<br>
+
* Restrict access to unnecessary directories and files.
Create an index (default) file for each directory.
+
* Create an index (default) file for each directory.
 
+
Complexity: Low<br>
+
Impact: Medium
+
  
 
=== Generic Framework Solution ===
 
=== Generic Framework Solution ===
<generic framework solutions here>
+
None
 
+
Complexity: High/Medium/Low<br>
+
Impact: High/Medium/Low
+
  
 
=== Custom Framework Solution ===
 
=== Custom Framework Solution ===
Line 32: Line 28:
 
=== References ===
 
=== References ===
 
[http://cwe.mitre.org/data/definitions/548.html Information Exposure Through Directory Listing (Mitre)]<br>
 
[http://cwe.mitre.org/data/definitions/548.html Information Exposure Through Directory Listing (Mitre)]<br>
[https://www.owasp.org/index.php/Top_10_2010-A6-Security_Misconfiguration Security Misconfiguration (OWASP)]
+
[https://www.owasp.org/index.php/Top_10_2010-A6-Security_Misconfiguration Security Misconfiguration (OWASP)]<br>
 +
[https://www.owasp.org/index.php/File_System#Insecure_Indexing Insecure Indexing (OWASP)]

Latest revision as of 14:06, 15 May 2013

Return to Periodic Table Working View

Contents

Directory Indexing

Root Cause Summary

A misconfigured server can show a directory listing, which could potentially yield sensitive information to an attacker.

Browser / Standards Solution

None

Perimeter Solution

  • Disable directory listings in the web- or application-server configuration by default.
  • Restrict access to unnecessary directories and files.
  • Create an index (default) file for each directory.

Generic Framework Solution

None

Custom Framework Solution

None

Custom Code Solution

None

Discussion / Controversy

None

References

Information Exposure Through Directory Listing (Mitre)
Security Misconfiguration (OWASP)
Insecure Indexing (OWASP)