Cyber Resilience

CWE-548: Exposure of Information Through Directory Listing

Abstraction: Variant · CVEs in our corpus: 57

The product inappropriately exposes a directory listing with an index of all the resources located inside of the directory.

Last updated: 04 July 2026 08:17 UTC

Cumulative inbound coverage

How completely the frameworks we cross-walk collectively cover this — the verdict is the strongest single mapping (overlapping partials are not summed); breadth shows the corroboration behind it.

Collective: mostly · 2 mapping(s) from 2 framework(s): OWASP-Web 1 (mostly) · ATT&CK 1 (mostly)

OWASP Top 10 for Web (2025)

This weakness contributes to A01:2025 Broken Access Control.

NIST 800-53 r5 controls that address this weakness (3) · AI

| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
| SC-30 | Concealment and Misdirection | SC | Directory listings and resource enumeration can be suppressed or populated with misleading entries. |
| SC-38 | Operations Security | SC | Reduces exposure via directory listings or accessible files when OPSEC restricts visibility of key organizational resources. |
| AU-13 | Monitoring for Information Disclosure | AU | Detects information exposure through directory listings as unauthorized disclosure. |

MITRE ATT&CK techniques this weakness enables

Our own two-way CWE↔ATT&CK cross-walk — a direct mapping with no public source (the CWE→CAPEC→ATT&CK chain leaves most top weaknesses, incl. XSS and SQLi, mapped to nothing). Drafted by Grok and spot-checked by Claude Opus 4.8.

Direction: other covers this; this covers other (F/M/P = full / mostly / partial).

Top CVEs of this weakness type, ranked by Risk Priority

| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
| CVE-2024-2340 UPD | 6.0 | 5.3 | 0.2800 | 2024-04-09 |
| CVE-2017-6045 | 5.5 | 7.5 | 0.0168 | 2017-06-21 |
| CVE-2018-10590 | 5.5 | 7.5 | 0.0171 | 2018-05-15 |
| CVE-2018-14785 | 5.5 | 7.5 | 0.0221 | 2018-08-10 |
| CVE-2018-16493 | 5.5 | 7.5 | 0.0176 | 2019-02-01 |
| CVE-2019-5415 | 5.5 | 7.5 | 0.0169 | 2019-03-21 |
| CVE-2020-8161 | 5.5 | 8.6 | 0.0359 | 2020-07-02 |
| CVE-2021-21528 | 5.5 | 7.5 | 0.0095 | 2021-11-12 |
| CVE-2021-27505 | 5.5 | 7.5 | 0.0096 | 2022-05-13 |
| CVE-2023-51948 | 5.5 | 7.5 | 0.0071 | 2024-01-19 |
| CVE-2024-22082 UPD | 5.5 | 7.5 | 0.0063 | 2024-03-20 |
| CVE-2023-49979 | 5.5 | 7.5 | 0.0075 | 2024-03-21 |
| CVE-2025-2038 | 5.5 | 7.3 | 0.0056 | 2025-03-06 |
| CVE-2025-4909 UPD | 5.5 | 7.3 | 0.0042 | 2025-05-19 |
| CVE-2025-28170 UPD | 5.5 | 7.6 | 0.0031 | 2025-07-29 |
| CVE-2021-47718 | 5.5 | 7.5 | 0.0046 | 2025-12-09 |
| CVE-2022-50788 | 5.5 | 7.5 | 0.0074 | 2025-12-30 |
| CVE-2020-36921 | 5.5 | 7.5 | 0.0038 | 2026-01-06 |
| CVE-2026-22860 UPD | 5.5 | 7.5 | 0.0066 | 2026-02-18 |
| CVE-2025-32750 UPD | 5.5 | 7.5 | 0.0035 | 2026-05-20 |
| CVE-2019-5437 | 3.5 | 5.3 | 0.0131 | 2019-05-10 |
| CVE-2020-15081 | 3.5 | 5.3 | 0.0165 | 2020-07-02 |
| CVE-2020-15790 | 3.5 | 5.3 | 0.0090 | 2020-09-09 |
| CVE-2020-7858 | 3.5 | 6.8 | 0.0106 | 2021-04-22 |
| CVE-2021-32510 | 3.5 | 4.3 | 0.0085 | 2021-07-07 |