Details | |
---|---|
Alert ID | 10095 |
Alert Type | Active |
Status | beta |
Risk | Medium |
CWE | 530 |
WASC | 34 |
Technologies Targeted | All |
Tags |
CWE-530 OWASP_2017_A03 OWASP_2021_A05 POLICY_QA_FULL WSTG-V42-CONF-04 |
More Info |
Scan Rule Help |
Summary
A backup of the file was disclosed by the web server.
Solution
Do not edit files in-situ on the web server, and ensure that un-necessary files (including hidden files) are removed from the web server.Other Info
A backup of [https://example.com/profile.asp] is available at [https://example.com/profile.asp.old]References
- https://cwe.mitre.org/data/definitions/530.html
- https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/04-Review_Old_Backup_and_Unreferenced_Files_for_Sensitive_Information.html