web.config File Information Disclosure

Medium: Nessus Plugin ID 121479

Synopsis

The remote web server hosts an application that is affected by an information disclosure vulnerability.

Description

An information disclosure vulnerability exists in the remote web server due to the disclosure of the web.config file. An unauthenticated, remote attacker can exploit this, via a simple GET request, to disclose potentially sensitive configuration information.

Solution

Ensure proper restrictions are in place, or remove the web.config file if the file is not required.
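
To confirm the restriction on a server you administer, the response to a GET request for web.config can be classified as below. This is an added example, not code from the Nessus plugin. The function name, the list of sensitive sections and the sample responses are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Assumption: web.config sections that commonly hold secrets.
SENSITIVE_SECTIONS = ("connectionStrings", "appSettings", "machineKey")


def local_name(tag):
    """Drop an XML namespace prefix such as '{uri}configuration'."""
    return tag.rsplit("}", 1)[-1]


def assess_web_config_response(status, body):
    """Classify the response to GET /web.config (body as bytes).

    Returns (disclosed, sensitive_sections_found).
    """
    if status != 200 or not body.strip():
        return False, []      # blocked, missing or empty: nothing disclosed
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return False, []      # not XML, e.g. an error page sent with 200
    if local_name(root.tag) != "configuration":
        return False, []      # XML, but not a .NET configuration file
    present = {local_name(el.tag) for el in root.iter()}
    return True, [name for name in SENSITIVE_SECTIONS if name in present]


# Constructed sample responses (not taken from any real server).
SAMPLE_DISCLOSED = b"""<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <connectionStrings>
    <add name="Default"
         connectionString="Server=db.example.test;User Id=app;Password=CONSTRUCTED" />
  </connectionStrings>
  <system.web>
    <compilation debug="false" />
  </system.web>
</configuration>"""
SAMPLE_ERROR_PAGE = b"<html><body><h1>Not Found</h1></body></html>"

if __name__ == "__main__":
    for label, status, body in (
        ("file served", 200, SAMPLE_DISCLOSED),
        ("request blocked", 404, b""),
        ("error page with 200", 200, SAMPLE_ERROR_PAGE),
    ):
        print(label, assess_web_config_response(status, body))
```

A result of (True, [...]) means the file is still being served and any credentials or keys in the listed sections should be treated as exposed and rotated.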

Plugin Details

Severity: Medium

ID: 121479

File Name: web_config_is_remotely_accessible.nasl

Version: 1.2

Type: remote

Family: CGI abuses

Published: 1/30/2019

Updated: 4/27/2020

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: Information disclosure

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: manual

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N