Directory Listing Enabled

Vulnerability Details

The web server is configured to display directory listings when no index file is present, exposing the file structure and potentially sensitive files to anyone browsing the directory.

Attackers can discover hidden files, backup files, configuration files, or other sensitive resources that were not intended to be publicly accessible.

Disable directory listing in the web server configuration. Add index files to all directories. Review exposed directories for sensitive content. Implement proper access controls on all files.

• https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/04-Review_Old_Backup_and_Unreferenced_Files_for_Sensitive_Information