| Details | |
|---|---|
| Alert Id | 10095 |
| Alert Type | Active |
| Status | beta |
| Risk | Medium |
| CWE | 530 |
| WASC | 34 |
| Technologies Targeted | All |
| Tags |
OWASP_2017_A03 OWASP_2021_A05 WSTG-V42-CONF-04 |
Summary
A backup of the file was disclosed by the web server
Solution
Apply appropriate access control authorizations for each access to all restricted URLs, scripts or files. Consider using MVC based frameworks such as Struts.Other Info
References
- https://cwe.mitre.org/data/definitions/530.html
- https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/04-Review_Old_Backup_and_Unreferenced_Files_for_Sensitive_Information.html