.bash_history Files Disclosed via Web Server

Medium | Nessus Plugin ID 83346

Synopsis

The remote web server hosts what may be a publicly accessible .bash_history file.

Description

Nessus has detected that the remote web server hosts publicly available files whose contents may be indicative of a typical bash history. Such files may contain sensitive information that should not be disclosed to the public.

Solution

Make sure that such files do not contain any confidential or otherwise sensitive information, and that the files are only accessible to those with valid credentials.
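A local check for both parts of this solution, as an added example that is not the Nessus plugin's own logic: it walks a document root, finds shell-history files, and reports whether each is world-readable and which line numbers look like they carry secrets. The file names other than `.bash_history`, the regex heuristics, and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import stat
import tempfile

# Assumption: the page names only .bash_history; the other names are common equivalents.
HISTORY_NAMES = {".bash_history", ".zsh_history", ".sh_history", ".history"}

# Heuristic (assumed) patterns for commands that tend to carry secrets.
SECRET_PATTERNS = [
    ("password on mysql command line", re.compile(r"\bmysql(dump)?\b.*\s-p\S+")),
    ("credentials passed to curl/wget",
     re.compile(r"\b(curl|wget)\b.*\s(-u|--user|--password)[ =]\S+")),
    ("secret-like assignment",
     re.compile(r"(?i)\b\w*(passw(or)?d|secret|token|api_?key)\w*=\S+")),
]

def audit_docroot(root):
    """Return one finding per shell-history file found under the document root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if name not in HISTORY_NAMES:
                continue
            path = os.path.join(dirpath, name)
            hits = []
            with open(path, errors="replace") as fh:
                for lineno, line in enumerate(fh, 1):
                    label = next((l for l, rx in SECRET_PATTERNS if rx.search(line)), None)
                    if label:
                        hits.append((lineno, label))  # line number only, never the secret
            findings.append({
                "path": os.path.relpath(path, root),
                "world_readable": bool(os.stat(path).st_mode & stat.S_IROTH),
                "secret_lines": hits,
            })
    return findings

if __name__ == "__main__":
    # Constructed sample tree and history content, for demonstration only.
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "app"))
        with open(os.path.join(root, "app", ".bash_history"), "w") as fh:
            fh.write("cd /var/www/html\nmysql -u app -pEXAMPLE-ONLY appdb\nls -la\n")
        for f in audit_docroot(root):
            print(f)
```

Any history file found under the document root should be removed or moved out of it, and any credential on a flagged line should be treated as exposed and rotated.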

Plugin Details

Severity: Medium

ID: 83346

File Name: web_accessible_bash_history.nasl

Version: 1.13

Type: remote

Family: CGI abuses

Published: 5/12/2015

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: Score based on analysis by Tenable Research

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: manual

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Vulnerability Information

Excluded KB Items: Settings/disable_cgi_scanning