OWASP Periodic Table of Vulnerabilities - Directory Indexing

From OWASP
Revision as of 21:48, 13 May 2013 by Peter Mosmans (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Contents

Directory Indexing

Root Cause Summary

A misconfigured server can show a directory listing, which could potentially yield sensitive information to an attacker.

Browser / Standards Solution

None

Perimeter Solution

Disable directory listings in the web- or application-server configuration by default.
Restrict access to unnecessary directories and files.
Create an index (default) file for each directory.

Complexity: Low
Impact: Medium

Generic Framework Solution

<generic framework solutions here>

Complexity: High/Medium/Low
Impact: High/Medium/Low

Custom Framework Solution

None

Custom Code Solution

None

Discussion / Controversy

None

References

Information Exposure Through Directory Listing (Mitre)
Security Misconfiguration (OWASP)