Description

Directory listing is a web server function that displays a list of all the files when there is no index file, such as index.php and default.asp in a specific website directory.

Some web administrators do not properly configure web servers to disable the Directory Listing or sometimes do not do it at all.

For instance, administrators may make complex configuration settings, such as to allow directory listing for particular directories or subdirectories. The improper configuration of this task might result in the unexpected and unintended enabling of listing of directories which contain sensitive information.

See how to fix it!

Risk

A user can view a list of all files from this directory, possibly exposing sensitive information.

How to prevent Directory Listing

Prevent Directory Listing in ASP.NET
Prevent Directory Listing in Apache

References

https://www.owasp.org/index.php/OWASP_Periodic_Table_of_Vulnerabilities_…

Share with your friends

appsec-labs-logo-007

No comments yet.

Leave a Reply

You must be logged in to post a comment.