Details
Alert ID: 0
Alert Type: Active
Status: release
Risk: Medium
CWE: 548
WASC: 48
Technologies Targeted: All
Tags: CWE-548, OWASP_2017_A05, OWASP_2021_A01, POLICY_API, POLICY_QA_FULL, POLICY_QA_STD
More Info: Scan Rule Help

Summary

It is possible to view the directory listing. A directory listing may reveal hidden scripts, include files, backup source files, etc., which can then be accessed to read sensitive information.

Solution

Disable directory browsing. If directory browsing is required, make sure the listed files do not introduce risk.
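A defender-side check for the solution above, as an added example that is not the ZAP scan rule's code: it recognises default Apache/nginx and IIS index pages in a response body and flags listed entries that deserve review. The function name, the marker patterns and the risky-suffix list are assumptions of this example, and the sample bodies are constructed.

```python
import re
from html.parser import HTMLParser

# Markers from default auto-generated index pages (not taken from the ZAP rule).
LISTING_MARKERS = [("apache/nginx", re.compile(r"<title>\s*Index of /", re.I)),
                   ("iis", re.compile(r"\[To Parent Directory\]", re.I))]
# Assumption: suffixes treated as risky in this example; tune per site.
RISKY_SUFFIXES = (".bak", ".old", ".orig", ".inc", ".sql", ".zip", ".tar.gz", "~")
PARENT_TEXT = {"parent directory", "[to parent directory]", "../", ".."}

class _Links(HTMLParser):
    """Collect (href, link text) for every anchor in the page."""
    def __init__(self):
        super().__init__()
        self.links, self._href = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
    def handle_data(self, data):
        if self._href is not None:
            self.links.append((self._href, data.strip()))
            self._href = None
    def handle_endtag(self, tag):
        if tag == "a":
            self._href = None  # anchor without text: ignore it

def audit_listing(body):
    """Return (listing style or None, entry names, risky entry names)."""
    style = next((name for name, rx in LISTING_MARKERS if rx.search(body)), None)
    if style is None:
        return None, [], []
    parser = _Links()
    parser.feed(body)
    parser.close()
    # Skip parent-directory links and Apache column-sort links (?C=N;O=D).
    entries = [href.rstrip("/").rsplit("/", 1)[-1] for href, text in parser.links
               if text.lower() not in PARENT_TEXT and not href.startswith("?")]
    risky = [e for e in entries if e.lower().endswith(RISKY_SUFFIXES)]
    return style, entries, risky

# Constructed sample bodies in the style of default index pages.
APACHE_SAMPLE = ('<html><head><title>Index of /app</title></head><body><pre>'
                 '<a href="?C=N;O=D">Name</a> <a href="/">Parent Directory</a>\n'
                 '<a href="config.inc">config.inc</a> <a href="index.php.bak">index.php.bak</a>\n'
                 '<a href="logo.png">logo.png</a></pre></body></html>')
IIS_SAMPLE = ('<html><head><title>host - /files/</title></head><body><pre>'
              '<A HREF="/">[To Parent Directory]</A><br>'
              '<A HREF="/files/db.sql">db.sql</A></pre></body></html>')
NORMAL_PAGE = "<html><head><title>Welcome</title></head><body>Hello</body></html>"
```

Calling `audit_listing()` on the body returned for each directory URL of your own site gives a quick regression check after browsing is disabled: a style of `None` means no default index page was served.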

Other Info

References

Code

org/zaproxy/zap/extension/ascanrules/DirectoryBrowsingScanRule.java