Details
Alert Id 10095
Alert Type Active
Status beta
Risk Medium
CWE 530
WASC 34
Technologies Targeted All
Tags OWASP_2017_A03
OWASP_2021_A05
WSTG-V42-CONF-04

Summary

A backup of the file was disclosed by the web server

Solution

Apply appropriate access control authorizations for each access to all restricted URLs, scripts or files. Consider using MVC based frameworks such as Struts.

Other Info

References

Code

org/zaproxy/zap/extension/ascanrulesBeta/BackupFileDisclosureScanRule.java