CWE-548 Individual Dictionary Definition (Draft 9)

| Weakness ID | 548 (Weakness Variant) |
| --- | --- |
| Status | Draft |
| Description | Summary: A directory listing is inappropriately exposed, yielding potentially sensitive information to attackers. |
| Potential Mitigations | Recommendations include restricting access to important directories or files by adopting a need-to-know requirement for both the document and server root, and turning off features such as Automatic Directory Listings that could expose private files and provide information that could be utilized by an attacker when formulating or conducting an attack. |
| Context Notes | Risks associated with an attacker discovering a Directory Listing, which is a complete index of all of the resources located in that directory, result from the fact that files that should remain hidden, such as data files, backed-up source code, or applications in development, may then be visible. The specific risks depend upon the specific files that are listed and accessible. |
| Relationships | |
| Source Taxonomies | Anonymous Tool Vendor (under NDA) - |
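
An added example, not part of the CWE entry: a Python audit of a local document root that reports each directory an automatic listing would enumerate (one with no index file) together with the files in it that match the kinds named in the context notes. The index file names, the suffix list and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumed defaults; match these to the server's own index-file setting.
INDEX_NAMES = {"index.html", "index.htm", "index.php", "default.aspx"}
# Illustrative suffixes for the file kinds the entry names: data files,
# backed-up source code, work in progress.
RISKY_SUFFIXES = (".bak", ".old", ".orig", ".swp", "~", ".sql", ".csv", ".zip", ".tar.gz")


def audit_docroot(root):
    """Return {relative_dir: [risky files]} for every directory that has no
    index file, i.e. every directory an automatic listing would enumerate."""
    findings = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        lowered = {name.lower() for name in filenames}
        if lowered & INDEX_NAMES:
            continue  # an index page is served instead of a listing
        rel = os.path.relpath(dirpath, root)
        risky = sorted(n for n in filenames if n.lower().endswith(RISKY_SUFFIXES))
        findings[rel] = risky
    return findings


def build_sample_docroot(base):
    """Create a constructed sample tree (not taken from the page)."""
    layout = {
        "": ["index.html", "site.css"],
        "uploads": ["report.csv", "logo.png"],
        "app": ["index.php", "index.php.bak"],
        "dev": ["login.php.old", "dump.sql"],
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(base, sub), exist_ok=True)
        for name in names:
            with open(os.path.join(base, sub, name), "w") as fh:
                fh.write("sample\n")
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        report = audit_docroot(build_sample_docroot(tmp))
        for directory, risky in sorted(report.items()):
            print(f"{directory}: listable; risky files: {risky or 'none'}")
```

Directories that contain an index file are skipped because the server returns that page instead of a listing; files in them can still be requested by name, which falls under the entry's access-restriction recommendation.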