CWE-548

Exposure of Information Through Directory Listing

AI Translation Available

The product inappropriately exposes a directory listing with an index of all the resources located inside of the directory.

Status

draft

Abstraction

variant

Affected Platforms

Technical Details

AI Translation

Common Consequences

confidentiality

Impacts

read files or directories

Detection Methods

automated static analysis

Potential Mitigations

Phases:

architecture and design system configuration

Descriptions:

• Recommendations include restricting access to important directories or files by adopting a need to know requirement for both the document and server root, and turning off features such as Automatic Directory Listings that could expose private files and provide information that could be utilized by an attacker when formulating or conducting an attack.

AI Generated Translation

Common Consequences

riservatezza

Impacts

leggere file o directory

Detection Methods

analisi statica automatizzata

Potential Mitigations

Phases:

architettura e design configurazione sistema

Descriptions:

• Le raccomandazioni includono il restringimento dell'accesso a directory o file importanti adottando il principio del bisogno di conoscere sia per il documento che per la root del server, e la disattivazione di funzionalità come Automatic Directory Listings che potrebbero esporre file privati e fornire informazioni che un attaccante potrebbe utilizzare nella formulazione o nell'esecuzione di un attacco.

CWE-548

Common Consequences

Impacts

Detection Methods

Potential Mitigations

Common Consequences

Impacts

Detection Methods

Potential Mitigations

Iscriviti alla newsletter