OWASP ZAP

Details
Alert Id	10099
Alert Type	Passive Scan Rule
Status	alpha
Risk
CWE
WASC

Summary

Application Source Code was disclosed by the web server

Solution

Ensure that application Source Code is not available with alternative extensions, and ensure that source code is not present within other files or data deployed to the web server, or served by the web server.

References

http://blogs.wsj.com/cio/2013/10/08/adobe-source-code-leak-is-bad-news-for-u-s-government/

Code

org/zaproxy/zap/extension/pscanrulesAlpha/SourceCodeDisclosureScanRule.java

Source Code Disclosure

Summary

Solution

References

Code