125 – Directory listing

Description

The system displays the applications directories, allowing an attacker to know the content of the files stored on the server.

Impact

- Obtain technical or sensitive information of the files stored in the applications directory. - Collect technical information on the application.

Recommendation

- Disable the configurations of the server that allow to execute directory listing. - Establish index files that will be shown when the directories are loaded.

Threat

External attacker with access to the application.

Expected Remediation Time

15 minutes.

Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

• Attack vector: N
• Attack complexity: L
• Attack Requirements: N
• Privileges required: N
• User interaction: N
• Confidentiality (VC): L
• Integrity (VI): N
• Availability (VA): N
• Confidentiality (SC): N
• Integrity (SI): N
• Availability (SA): N

Threat 4.0

• Exploit maturity: X

Requirements

• 176 - Restrict system objects
• 266 - Disable insecure functionalities

Fixes

• Elixir
• Go
• Java
• Php
• Python
• Ruby
• Scala
• Typescript

Last updated

2024/02/13