CWE-548
Exposure of Information Through Directory Listing
Description
The product inappropriately exposes a directory listing with an index of all the resources located inside of the directory.
Parent Weaknesses (ChildOf)
Common Consequences
Scope
Impact
Read Files or Directories
Potential Mitigations
Recommendations include restricting access to important directories or files by adopting a need to know requirement for both the document and server root, and turning off features such as Automatic Directory Listings that could expose private files and provide information that could be utilized by an attacker when formulating or conducting an attack.
CVE-2023-37599web interface is configured to allow directory listing of a module path
Applicable Platforms
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now