Sensitive File Disclosure

medium Nessus Plugin ID 121041

Synopsis

The web application hosts static files that may be sensitive in nature.

Description

The remote web application hosts documents or office files that may contain sensitive information.

Solution

Remove static files that are not necessary from the web root. If sensitive documents must remain in the web root, require authentication to access them.

Plugin Details

Severity: Medium

ID: 121041

File Name: sensitive_web_files.nbin

Version: 1.50

Type: remote

Family: CGI abuses

Published: 1/9/2019

Updated: 7/17/2024

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: Information disclosure score

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: manual

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Vulnerability Information

Required KB Items: Settings/enable_web_app_tests, Settings/ParanoidReport