CAPEC-127
CWE-548
ISO27001-A.9.4.1
WASC-16
OWASP 2013-A5
OWASP 2017-A6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

Directory Listing (ASP.NET Server)

Severity:
Information
Summary

Invicti identified a Directory Listing (ASP.NET server).

The web server responded with a list of files located in the target directory.

Impact

An attacker can see the files located in the directory and could potentially access files which disclose sensitive information.

Remediation
Required Skills for Successful Exploitation
Actions To Take
  1. Configure the web server to disallow directory listing requests.
  2. Ensure that the latest security patches have been applied to the web server and the current stable version of the software is in use.
Classifications
CAPEC-127
CWE-548
ISO27001-A.9.4.1
WASC-16
OWASP 2013-A5
OWASP 2017-A6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
Vulnerability Index

You can search and find all vulnerabilities

Select Category
Critical
High
Medium
Low
Best Practice
Information
Select Vulnerability
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Related Vulnerabilities

Featured resources

No items found.
No items found.
View all resources

Build your resistance to threats. And save hundreds of hours each month.

Get a Demo