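CWE-548 Exposure of Information Through Directory Listing: vulnerability list (49)

Summary of 49 CVE vulnerabilities in the CWE-548 (Exposure of Information Through Directory Listing) weakness class, with AI-generated analysis in Chinese.

CWE-548 is an information disclosure weakness in which a server improperly exposes a directory listing that indexes every resource in the directory. Attackers typically exploit this flaw by directly accessing specific paths to obtain sensitive files, configuration files or backup data, and then use what they find to uncover further system weaknesses. Developers should avoid enabling the web server's directory browsing feature, make sure access control policies are configured correctly, and review directory permissions regularly so that unauthorized users cannot obtain information about internal resources by browsing directories.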

MITRE CWE official description
CWE: CWE-548 Exposure of Information Through Directory Listing
Description: The product improperly exposes a directory listing that contains an index of all the resources located inside the directory.
Common consequences (1)
Confidentiality: Read Files or Directories
Exposing the contents of a directory can lead to an attacker gaining access to source code or providing useful information for the attacker to devise exploits, such as creation times of files or any information that may be encoded in file names. The directory listing may also compromise private or c…
Mitigations (1)
Architecture and Design, System Configuration: Recommendations include restricting access to important directories or files by adopting a need to know requirement for both the document and server root, and turning off features such as Automatic Directory Listings that could expose private files and provide information that could be utilized by an attacker when formulating or conducting an attack.
| CVE ID | Title | CVSS | Risk level | Published |
|---|---|---|---|---|
| CVE-2014-125069 | maps-js-icoads path traversal vulnerability — maps-js-icoads | 4.3 | Medium | 2023-01-08 |
| CVE-2021-45446 | Hitachi Pentaho Business Analytics security vulnerability — Pentaho Business Analytics Server | 5.0 | Medium | 2022-11-02 |
| CVE-2022-30625 | Chcnav P5E GNSS information disclosure vulnerability — Chcnav - P5E GNSS | 5.7 | Medium | 2022-07-18 |
| CVE-2021-27505 | mySCADA myPRO security vulnerability — myPRO | 7.5 | High | 2022-05-13 |
| CVE-2021-23195 | Fresenius Kabi Agilia Connect Infusion System information disclosure vulnerability — Vigilant Software Suite (Mastermed Dashboard) | 5.3 | Medium | 2022-01-21 |
| CVE-2021-21528 | Dell Technologies Dell PowerScale OneFS security vulnerability — PowerScale OneFS | 7.5 | High | 2021-11-12 |
| CVE-2021-32515 | QSAN Storage Manager security vulnerability — Storage Manager | 5.3 | Medium | 2021-07-07 |
| CVE-2021-32511 | QSAN Storage Manager security vulnerability — Storage Manager | 4.3 | Medium | 2021-07-07 |
| CVE-2021-32510 | QSAN Storage Manager security vulnerability — Storage Manager | 4.3 | Medium | 2021-07-07 |
| CVE-2020-7858 | AquaNPlayer path traversal vulnerability — AquaNPlayer | 6.8 | Medium | 2021-04-22 |
| CVE-2020-15790 | Siemens Spectrum Power information disclosure vulnerability — Spectrum Power 4 | 5.3 | - | 2020-09-09 |
| CVE-2020-15081 | PrestaShop information disclosure vulnerability — PrestaShop | 5.3 | Medium | 2020-07-02 |
| CVE-2020-8161 | RubyGem Rack path traversal vulnerability — https://github.com/rack/rack | 7.5 | - | 2020-07-02 |
| CVE-2019-5437 | npm harp module information disclosure vulnerability — harp | 5.3 | - | 2019-05-10 |
| CVE-2019-5415 | serve information disclosure vulnerability — serve | 7.5 | - | 2019-03-17 |
| CVE-2018-16493 | static-resource-server path traversal vulnerability — static-resource-server | 7.5 | - | 2019-02-01 |
| CVE-2018-14785 | NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) security vulnerability — NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. | 7.5 | - | 2018-08-10 |
| CVE-2018-10590 | Multiple Advantech products security vulnerability — WebAccess | 7.5 | - | 2018-05-15 |
| CVE-2017-6045 | Trihedral VTScada information disclosure vulnerability — Trihedral VTScada | 7.5 | - | 2017-06-21 |

CWE-548 (Exposure of Information Through Directory Listing) is a common weakness category; this platform lists 49 CVE vulnerabilities associated with it.