Details
Alert Id: 10095
Alert Type: Active Scan Rule
Status: beta
Risk: Medium
CWE: 530
WASC: 34

Summary

A backup of the file was disclosed by the web server.

Solution

Apply appropriate access control authorizations for each access to all restricted URLs, scripts or files. Consider using MVC-based frameworks such as Struts.

References

Code

org/zaproxy/zap/extension/ascanrulesBeta/BackupFileDisclosureScanRule.java