Pprof Debug Files Detected

medium Web App Scanning Plugin ID 113892

Synopsis

Pprof Debug Files Detected

Description

Pprof is a tool for visualizing and analyzing profiling data. Its output files may be located inside a hidden directory named debug/pprof/. When this directory is exposed through the web application's configuration, the files it contains may reveal sensitive information such as internal memory addresses, configuration details, filesystem information and resource consumption, which may be of use to external attackers.

Solution

Review the contents of the discovered debug/pprof directory and remove sensitive content, and/or adjust the web server's access controls to limit access to sensitive material.

See Also

https://github.com/google/pprof/blob/main/doc/README.md

Plugin Details

Severity: Medium

ID: 113892

Type: remote

Published: 5/5/2023

Updated: 5/5/2023

Scan Template: api, basic, full, pci, scan

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: Tenable

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS Score Source: Tenable

CVSS v4

Risk Factor: Medium

Base Score: 6.9

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

CVSS Score Source: Tenable

Reference Information