Exposure of Information Through Directory Listing
| Property | |
|---|---|
| Language | csharp |
| Severity |  |
| CWE | CWE-548: Exposure of Information Through Directory Listing |
| OWASP | A06:2017 - Security Misconfiguration |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Low |
Description#
The application enables directory browsing, which lets anyone view the contents of server directories through a web browser. This configuration can unintentionally expose sensitive files or internal code to users who should not have access.
Impact#
If exploited, attackers could access and download files that were not meant to be public, such as configuration files, backups, or source code. This could lead to data leaks, further attacks, or the compromise of sensitive information and internal operations.