CWE-548 (Exposure of Information Through Directory Listing) — Vulnerability Class 47

47 vulnerabilities classified as CWE-548 (Exposure of Information Through Directory Listing). AI Chinese analysis included.

CWE-548 represents an information exposure weakness where a software product inappropriately reveals a directory listing, effectively indexing all resources contained within a specific folder. This vulnerability is typically exploited by attackers who manually navigate to the affected URL or use automated scripts to enumerate sensitive files, such as configuration backups, source code, or internal documents, without requiring authentication. By exposing this metadata, organizations inadvertently provide adversaries with valuable intelligence for further attacks, including credential harvesting or targeted exploitation of known vulnerabilities. To prevent this, developers must explicitly disable directory indexing on web servers and configure access control lists to restrict unauthorized browsing. Additionally, implementing proper authentication mechanisms and regularly auditing web server configurations ensures that only authorized users can access specific resources, thereby mitigating the risk of unintended data disclosure.

MITRE CWE Description
The product inappropriately exposes a directory listing with an index of all the resources located inside of the directory.
Common Consequences (1)
Confidentiality: Read Files or Directories
Exposing the contents of a directory can lead to an attacker gaining access to source code or providing useful information for the attacker to devise exploits, such as creation times of files or any information that may be encoded in file names. The directory listing may also compromise private or c…
Mitigations (1)
Architecture and Design, System Configuration: Recommendations include restricting access to important directories or files by adopting a need to know requirement for both the document and server root, and turning off features such as Automatic Directory Listings that could expose private files and provide information that could be utilized by an attacker when formulating or conducting an attack.
| CVE ID | Title — Product | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2022-30625 | Chcnav - P5E GNSS Directory listing — Chcnav - P5E GNSS | 5.7 | Medium | 2022-07-18 |
| CVE-2021-27505 | mySCADA myPRO Exposure of Information Through Directory Listing — myPRO | 7.5 | High | 2022-05-13 |
| CVE-2021-23195 | Fresenius Kabi Agilia Connect Infusion System exposure of information through directory listing — Vigilant Software Suite (Mastermed Dashboard) | 5.3 | Medium | 2022-01-21 |
| CVE-2021-21528 | Dell Technologies Dell PowerScale OneFS security vulnerability — PowerScale OneFS | 7.5 | High | 2021-11-12 |
| CVE-2021-32515 | QSAN Storage Manager - Exposure of Information Through Directory Listing — Storage Manager | 5.3 | Medium | 2021-07-07 |
| CVE-2021-32511 | QSAN Storage Manager - Exposure of Information Through Directory Listing Following via ViewBroserList function — Storage Manager | 4.3 | Medium | 2021-07-07 |
| CVE-2021-32510 | QSAN Storage Manager - Exposure of Information Through Directory Listing Following via Antivirus function — Storage Manager | 4.3 | Medium | 2021-07-07 |
| CVE-2020-7858 | AquaNPlayer directory traversing vulnerability — AquaNPlayer | 6.8 | Medium | 2021-04-22 |
| CVE-2020-15790 | Siemens Spectrum Power information disclosure vulnerability — Spectrum Power 4 | 5.3 | - | 2020-09-09 |
| CVE-2020-15081 | Information exposure in the upload directory in PrestaShop — PrestaShop | 5.3 | Medium | 2020-07-02 |
| CVE-2020-8161 | RubyGem Rack path traversal vulnerability — https://github.com/rack/rack | 7.5 | - | 2020-07-02 |
| CVE-2019-5437 | npm harp module information disclosure vulnerability — harp | 5.3 | - | 2019-05-10 |
| CVE-2019-5415 | serve information disclosure vulnerability — serve | 7.5 | - | 2019-03-17 |
| CVE-2018-16493 | static-resource-server path traversal vulnerability — static-resource-server | 7.5 | - | 2019-02-01 |
| CVE-2018-14785 | NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) security vulnerability — NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. | 7.5 | - | 2018-08-10 |
| CVE-2018-10590 | Multiple Advantech products security vulnerability — WebAccess | 7.5 | - | 2018-05-15 |
| CVE-2017-6045 | Trihedral VTScada information disclosure vulnerability — Trihedral VTScada | 7.5 | - | 2017-06-21 |

Vulnerabilities classified as CWE-548 (Exposure of Information Through Directory Listing) represent 47 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.