| Details | |
|---|---|
| Alert ID | 10095 |
| Alert Type | Active |
| Status | beta |
| Risk | Medium |
| CWE | 530 |
| WASC | 34 |
| Technologies Targeted | All |
| Tags |
CWE-530 OWASP_2017_A03 OWASP_2021_A05 POLICY_PENTEST POLICY_QA_FULL WSTG-V42-CONF-04 |
| More Info |
Scan Rule Help |
Summary
A backup of the file was disclosed by the web server.
Solution
Do not edit files in-situ on the web server, and ensure that un-necessary files (including hidden files) are removed from the web server.Other Info
A backup of [https://example.com/profile.asp] is available at [https://example.com/profile.asp.old]References
- https://cwe.mitre.org/data/definitions/530.html
- https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/04-Review_Old_Backup_and_Unreferenced_Files_for_Sensitive_Information.html