Exposure of Information Through Directory Listing
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-548: Exposure of Information Through Directory Listing |
| OWASP | A06:2017 - Security Misconfiguration |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | High |
Description#
The application enables directory listing, which lets users view all files and folders within a directory over the web. This can accidentally expose sensitive files or directories that should remain hidden.
Impact#
Attackers could browse and access confidential files, source code, environment variables, or backups, leading to information disclosure, data leaks, or further attacks against the application and its users.