Common Weakness Enumeration

CWE-548

Allowed

Exposure of Information Through Directory Listing

Abstraction: Variant · Status: Draft

The product inappropriately exposes a directory listing with an index of all the resources located inside of the directory.

101 vulnerabilities reference this CWE, most recent first.

CVE-2014-125069 (GCVE-0-2014-125069)

Vulnerability from cvelistv5 – Published: 2023-01-08 10:29 – Updated: 2024-08-06 14:10
VLAI
Title
saxman maps-js-icoads exposure of information through directory listing
Summary
A vulnerability was found in saxman maps-js-icoads. It has been classified as problematic. Affected is an unknown function. The manipulation leads to exposure of information through directory listing. It is possible to launch the attack remotely. The name of the patch is 34b8b0cce2807b119f4cffda2ac48fc8f427d69a. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217644.
CWE
  • CWE-548 - Exposure of Information Through Directory Listing
Assigner
References
URL Tags
https://vuldb.com/?id.217644 vdb-entrytechnical-description
https://vuldb.com/?ctiid.217644 signaturepermissions-required
https://github.com/saxman/maps-js-icoads/commit/3… patch
Impacted products
Credits
VulDB GitHub Commit Analyzer
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:10:56.668Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.217644"
          },
          {
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.217644"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/saxman/maps-js-icoads/commit/34b8b0cce2807b119f4cffda2ac48fc8f427d69a"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "maps-js-icoads",
          "vendor": "saxman",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "tool",
          "value": "VulDB GitHub Commit Analyzer"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in saxman maps-js-icoads. It has been classified as problematic. Affected is an unknown function. The manipulation leads to exposure of information through directory listing. It is possible to launch the attack remotely. The name of the patch is 34b8b0cce2807b119f4cffda2ac48fc8f427d69a. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217644."
        },
        {
          "lang": "de",
          "value": "Es wurde eine problematische Schwachstelle in saxman maps-js-icoads ausgemacht. Betroffen hiervon ist ein unbekannter Ablauf. Durch das Beeinflussen mit unbekannten Daten kann eine exposure of information through directory listing-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Patch wird als 34b8b0cce2807b119f4cffda2ac48fc8f427d69a bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 4,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-548",
              "description": "CWE-548 Exposure of Information Through Directory Listing",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-20T06:37:25.567Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.217644"
        },
        {
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.217644"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/saxman/maps-js-icoads/commit/34b8b0cce2807b119f4cffda2ac48fc8f427d69a"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-01-08T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2023-01-08T00:00:00.000Z",
          "value": "CVE reserved"
        },
        {
          "lang": "en",
          "time": "2023-01-08T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2023-01-30T08:53:57.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "saxman maps-js-icoads exposure of information through directory listing"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2014-125069",
    "datePublished": "2023-01-08T10:29:51.522Z",
    "dateReserved": "2023-01-08T10:29:29.723Z",
    "dateUpdated": "2024-08-06T14:10:56.668Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-269F-C6H8-6GV2

Vulnerability from github – Published: 2023-01-08 12:30 – Updated: 2023-01-12 18:30
VLAI
Details

A vulnerability was found in saxman maps-js-icoads. It has been classified as problematic. Affected is an unknown function. The manipulation leads to exposure of information through directory listing. It is possible to launch the attack remotely. The name of the patch is 34b8b0cce2807b119f4cffda2ac48fc8f427d69a. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217644.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2014-125069"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22",
      "CWE-548"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-01-08T11:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in saxman maps-js-icoads. It has been classified as problematic. Affected is an unknown function. The manipulation leads to exposure of information through directory listing. It is possible to launch the attack remotely. The name of the patch is 34b8b0cce2807b119f4cffda2ac48fc8f427d69a. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217644.",
  "id": "GHSA-269f-c6h8-6gv2",
  "modified": "2023-01-12T18:30:28Z",
  "published": "2023-01-08T12:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-125069"
    },
    {
      "type": "WEB",
      "url": "https://github.com/saxman/maps-js-icoads/commit/34b8b0cce2807b119f4cffda2ac48fc8f427d69a"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.217644"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.217644"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2C59-J8FR-6828

Vulnerability from github – Published: 2024-03-21 03:36 – Updated: 2024-08-06 18:30
VLAI
Details

A directory listing vulnerability in Customer Support System v1 allows attackers to list directories and sensitive files within the application without requiring authorization.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-49979"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-548"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-21T02:49:38Z",
    "severity": "HIGH"
  },
  "details": "A directory listing vulnerability in Customer Support System v1 allows attackers to list directories and sensitive files within the application without requiring authorization.",
  "id": "GHSA-2c59-j8fr-6828",
  "modified": "2024-08-06T18:30:49Z",
  "published": "2024-03-21T03:36:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49979"
    },
    {
      "type": "WEB",
      "url": "https://github.com/geraldoalcantara/CVE-2023-49979"
    },
    {
      "type": "WEB",
      "url": "https://www.sourcecodester.com/php/15653/best-student-result-management-system-project-source-code-php-and-mysql-free-download"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2GP2-MFG4-Q5MV

Vulnerability from github – Published: 2026-02-17 21:31 – Updated: 2026-02-17 21:31
VLAI
Details

IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could disclose folder location information to an unauthenticated attacker that could aid in further attacks against the system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-38265"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-548"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-17T20:22:00Z",
    "severity": "MODERATE"
  },
  "details": "IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could disclose folder location information to an unauthenticated attacker that could aid in further attacks against the system.",
  "id": "GHSA-2gp2-mfg4-q5mv",
  "modified": "2026-02-17T21:31:14Z",
  "published": "2026-02-17T21:31:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38265"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7259955"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2X5M-6JX4-JR66

Vulnerability from github – Published: 2022-05-24 19:20 – Updated: 2022-05-24 19:20
VLAI
Details

Dell EMC PowerScale OneFS versions 9.1.0, 9.2.0.x, 9.2.1.x contain an Exposure of Information through Directory Listing vulnerability. This vulnerability is triggered when upgrading from a previous versions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-21528"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-548"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-11-12T23:15:00Z",
    "severity": "HIGH"
  },
  "details": "Dell EMC PowerScale OneFS versions 9.1.0, 9.2.0.x, 9.2.1.x contain an Exposure of Information through Directory Listing vulnerability. This vulnerability is triggered when upgrading from a previous versions.",
  "id": "GHSA-2x5m-6jx4-jr66",
  "modified": "2022-05-24T19:20:37Z",
  "published": "2022-05-24T19:20:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21528"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000193005"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-36HM-C9F8-F8XC

Vulnerability from github – Published: 2026-06-05 15:32 – Updated: 2026-06-05 15:32
VLAI
Details

Lyrion Music Server 9.2.0 contains an arbitrary directory listing vulnerability in its readdirectory query, exposed through both the CLI service (TCP port 9090) and the HTTP JSON-RPC endpoint (/jsonrpc.js). The query accepts a folder parameter and lists its contents with no restriction to the configured media directories and no authentication in the default configuration, allowing a remote, unauthenticated attacker to enumerate arbitrary locations on the host filesystem.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-50233"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-548"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-05T14:16:36Z",
    "severity": "MODERATE"
  },
  "details": "Lyrion Music Server 9.2.0 contains an arbitrary directory listing vulnerability in its readdirectory query, exposed through both the CLI service (TCP port 9090) and the HTTP JSON-RPC endpoint (/jsonrpc.js). The query accepts a folder parameter and lists its contents with no restriction to the configured media directories and no authentication in the default configuration, allowing a remote, unauthenticated attacker to enumerate arbitrary locations on the host filesystem.",
  "id": "GHSA-36hm-c9f8-f8xc",
  "modified": "2026-06-05T15:32:25Z",
  "published": "2026-06-05T15:32:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50233"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/lyrion-music-server-arbitrary-directory-listing"
    },
    {
      "type": "WEB",
      "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5991.php"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-3P7Q-RQJ4-RF3G

Vulnerability from github – Published: 2025-10-14 15:31 – Updated: 2025-10-14 15:31
VLAI
Details

IBM Content Navigator 3.0.11, 3.0.15, 3.1.0, and 3.2.0 could expose the directory listing of the application upon using an application URL. Application files and folders are visible in the browser to a user; however, the contents of the files cannot be read obtained or modified.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-27906"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-548"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-14T15:16:08Z",
    "severity": "MODERATE"
  },
  "details": "IBM Content Navigator 3.0.11, 3.0.15, 3.1.0, and 3.2.0 could expose the directory listing of the application upon using an application URL. Application files and folders are visible in the browser to a user; however, the contents of the files cannot be read obtained or modified.",
  "id": "GHSA-3p7q-rqj4-rf3g",
  "modified": "2025-10-14T15:31:27Z",
  "published": "2025-10-14T15:31:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27906"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7247854"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3PJ2-86G9-6MF7

Vulnerability from github – Published: 2024-09-05 18:30 – Updated: 2024-09-05 18:30
VLAI
Details

IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user with access to the package to obtain sensitive information through a directory listing.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-45096"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-548"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-05T16:15:07Z",
    "severity": "MODERATE"
  },
  "details": "IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user with access to the package to obtain sensitive information through a directory listing.",
  "id": "GHSA-3pj2-86g9-6mf7",
  "modified": "2024-09-05T18:30:56Z",
  "published": "2024-09-05T18:30:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45096"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7167255"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-42JJ-4CC5-RM9V

Vulnerability from github – Published: 2025-05-16 21:32 – Updated: 2025-05-16 21:32
VLAI
Details

A vulnerability, which was classified as problematic, was found in SourceCodester Online Student Clearance System 1.0. This affects an unknown part. The manipulation leads to exposure of information through directory listing. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-4807"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22",
      "CWE-548"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-16T20:15:22Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability, which was classified as problematic, was found in SourceCodester Online Student Clearance System 1.0. This affects an unknown part. The manipulation leads to exposure of information through directory listing. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.",
  "id": "GHSA-42jj-4cc5-rm9v",
  "modified": "2025-05-16T21:32:12Z",
  "published": "2025-05-16T21:32:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4807"
    },
    {
      "type": "WEB",
      "url": "https://github.com/laifeng-boy/cve/issues/2"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.309261"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.309261"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.572238"
    },
    {
      "type": "WEB",
      "url": "https://www.sourcecodester.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-45J8-PM75-5V8X

Vulnerability from github – Published: 2019-02-07 18:18 – Updated: 2020-08-31 18:42
VLAI
Summary
Path Traversal in simplehttpserver
Details

Versions of simplehttpserver prior to 0.2.1 are vulnerable to Path Traversal. Due to insufficient input sanitization, attackers can access server files by using relative paths.

Recommendation

Upgrade to version 0.2.1 or later.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "static-resource-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "1.7.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2018-16493"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-548"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T20:57:24Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "Versions of `simplehttpserver` prior to 0.2.1 are vulnerable to Path Traversal.  Due to insufficient input sanitization, attackers can access server files by using relative paths. \n\n\n## Recommendation\n\nUpgrade to version 0.2.1 or later.",
  "id": "GHSA-45j8-pm75-5v8x",
  "modified": "2020-08-31T18:42:22Z",
  "published": "2019-02-07T18:18:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16493"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/357109"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/432600"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-45j8-pm75-5v8x"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/advisories/967"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/advisories/968"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Path Traversal in simplehttpserver"
}

Mitigation
Architecture and Design System Configuration

Recommendations include restricting access to important directories or files by adopting a need to know requirement for both the document and server root, and turning off features such as Automatic Directory Listings that could expose private files and provide information that could be utilized by an attacker when formulating or conducting an attack.

No CAPEC attack patterns related to this CWE.