fly-fast asked:

Need some help in understanding the 'HTTP Generic Browseable Directory' vulnerability in Apache

Can someone please elaborate on this please?  I've seen this vulnerability before, but I am trying to understand the potential risk to an organization.  Can someone please put this in context?

Julian Matz

Not sure which vulnerability you mean. Where did you see it? Do you mean one of the vulnerabilities that causes Apache to display a directory listing instead of the default index page?
fly-fast

That's all I know really.  I know that it pertains to Apache having 'open' browseable directories?

Ok. It might refer to the option "Indexes" being enabled in Apache. This option can be enabled through a .htaccess file or the server's configuration file. Having this option enabled would make Apache show a list of all files and subdirectories inside the requested path. This is not a huge security risk, but you may not want the world to see your entire file structure. To disable this you could simply use:

Options -Indexes
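
Added example, not part of the original thread: a small Python audit helper that works out whether `Indexes` ends up enabled for one directory after Apache merges its `Options` directives, which depends on whether each directive uses `+`/`-` or bare keywords. The function names and sample config strings are constructed for illustration, and it assumes `.htaccess` overrides of `Options` are permitted by `AllowOverride`.

```python
import re

# One Options directive line, as written in httpd.conf or a .htaccess file.
OPTIONS_RE = re.compile(r"^[ \t]*Options[ \t]+(\S.*?)[ \t]*$",
                        re.IGNORECASE | re.MULTILINE)
ENABLING = {"indexes", "all"}  # "All" covers every option except MultiViews

def apply_options(inherited, args):
    """Return the Indexes state after one Options directive.

    Bare keywords replace the inherited option set outright; keywords
    prefixed with + or - are merged into it. Apache 2.4 rejects a
    directive that mixes the two styles, so that is reported as an error.
    """
    tokens = args.split()
    relative = [t for t in tokens if t[0] in "+-"]
    if relative and len(relative) != len(tokens):
        raise ValueError(f"mixed +/- and bare keywords: {args!r}")
    if not relative:
        return any(t.lower() in ENABLING for t in tokens)
    state = inherited
    for t in tokens:
        if t[1:].lower() in ENABLING:
            state = t[0] == "+"
    return state

def indexes_enabled(config_texts, default=False):
    """config_texts: the config sources that apply to ONE directory, in
    merge order (server config first, that directory's .htaccess last).
    default=False matches the Apache 2.4 default of Options FollowSymLinks.
    Assumption: each text holds only directives for that directory.
    """
    state = default
    for text in config_texts:
        for match in OPTIONS_RE.finditer(text):
            state = apply_options(state, match.group(1))
    return state

# Constructed sample: a server config that turns listings on.
SERVER = "<Directory /var/www>\n    Options Indexes FollowSymLinks\n</Directory>\n"

if __name__ == "__main__":
    for label, htaccess in [("no .htaccess", None),
                            ("Options +ExecCGI", "Options +ExecCGI\n"),
                            ("Options -Indexes", "Options -Indexes\n"),
                            ("Options All", "Options All\n")]:
        chain = [SERVER] + ([htaccess] if htaccess else [])
        print(f"{label:18} -> listing enabled: {indexes_enabled(chain)}")
```

A `+`/`-` directive that never mentions `Indexes` leaves an inherited listing in place, which is why `Options -Indexes` is the explicit fix rather than relying on an unrelated `Options` line.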