Difference between revisions of "OWASP Periodic Table of Vulnerabilities - Directory Indexing"

From OWASP
Jump to: navigation, search
 
(One intermediate revision by one user not shown)
Line 1: Line 1:
 +
[[OWASP_Periodic_Table_of_Vulnerabilities#Periodic_Table_of_Vulnerabilities|Return to Periodic Table Working View]]
 +
 
== Directory Indexing ==
 
== Directory Indexing ==
  
Line 11: Line 13:
 
* Restrict access to unnecessary directories and files.
 
* Restrict access to unnecessary directories and files.
 
* Create an index (default) file for each directory.
 
* Create an index (default) file for each directory.
 
Complexity: Low<br>
 
Impact: Low
 
  
 
=== Generic Framework Solution ===
 
=== Generic Framework Solution ===

Latest revision as of 14:06, 15 May 2013

Return to Periodic Table Working View

Contents

Directory Indexing

Root Cause Summary

A misconfigured server can show a directory listing, which could potentially yield sensitive information to an attacker.

Browser / Standards Solution

None

Perimeter Solution

  • Disable directory listings in the web- or application-server configuration by default.
  • Restrict access to unnecessary directories and files.
  • Create an index (default) file for each directory.

Generic Framework Solution

None

Custom Framework Solution

None

Custom Code Solution

None

Discussion / Controversy

None

References

Information Exposure Through Directory Listing (Mitre)
Security Misconfiguration (OWASP)
Insecure Indexing (OWASP)