OWASP Periodic Table of Vulnerabilities - Directory Indexing

Return to Periodic Table Working View

Root Cause Summary
A misconfigured server can show a directory listing, which could potentially yield sensitive information to an attacker.

Browser / Standards Solution
None

Perimeter Solution

 * Disable directory listings in the web- or application-server configuration by default.
 * Restrict access to unnecessary directories and files.
 * Create an index (default) file for each directory.

Generic Framework Solution
None

Custom Framework Solution
None

Custom Code Solution
None

Discussion / Controversy
None