Difference between revisions of "OWASP Periodic Table of Vulnerabilities - Directory Indexing"

From OWASP
Jump to: navigation, search
(Created page with "== Directory Indexing == === Root Cause Summary === A misconfigured server can show a directory listing, which could potentially yield sensitive information to an attacker. ...")
 
Line 8: Line 8:
  
 
=== Perimeter Solution ===
 
=== Perimeter Solution ===
Disable directory listings in the web- or application-server configuration by default.<br>
+
* Disable directory listings in the web- or application-server configuration by default.
Restrict access to unnecessary directories and files.<br>
+
* Restrict access to unnecessary directories and files.
Create an index (default) file for each directory.
+
* Create an index (default) file for each directory.
  
 
Complexity: Low<br>
 
Complexity: Low<br>
Impact: Medium
+
Impact: Low
  
 
=== Generic Framework Solution ===
 
=== Generic Framework Solution ===
<generic framework solutions here>
+
None
 
+
Complexity: High/Medium/Low<br>
+
Impact: High/Medium/Low
+
  
 
=== Custom Framework Solution ===
 
=== Custom Framework Solution ===
Line 32: Line 29:
 
=== References ===
 
=== References ===
 
[http://cwe.mitre.org/data/definitions/548.html Information Exposure Through Directory Listing (Mitre)]<br>
 
[http://cwe.mitre.org/data/definitions/548.html Information Exposure Through Directory Listing (Mitre)]<br>
[https://www.owasp.org/index.php/Top_10_2010-A6-Security_Misconfiguration Security Misconfiguration (OWASP)]
+
[https://www.owasp.org/index.php/Top_10_2010-A6-Security_Misconfiguration Security Misconfiguration (OWASP)]<br>
 +
[https://www.owasp.org/index.php/File_System#Insecure_Indexing Insecure Indexing (OWASP)]

Revision as of 21:51, 13 May 2013

Contents

Directory Indexing

Root Cause Summary

A misconfigured server can show a directory listing, which could potentially yield sensitive information to an attacker.

Browser / Standards Solution

None

Perimeter Solution

  • Disable directory listings in the web- or application-server configuration by default.
  • Restrict access to unnecessary directories and files.
  • Create an index (default) file for each directory.

Complexity: Low
Impact: Low

Generic Framework Solution

None

Custom Framework Solution

None

Custom Code Solution

None

Discussion / Controversy

None

References

Information Exposure Through Directory Listing (Mitre)
Security Misconfiguration (OWASP)
Insecure Indexing (OWASP)