SYM_JSTS_0055 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Exposure of Information Through Directory Listing
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-548: Exposure of Information Through Directory Listing |
| OWASP | A06:2017 - Security Misconfiguration |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | High |
Description
The application enables directory listing, which lets users view all files and folders within a directory over the web. This can accidentally expose sensitive files or directories that should remain hidden.
Impact
Attackers could browse and access confidential files, source code, environment variables, or backups, leading to information disclosure, data leaks, or further attacks against the application and its users.