Web Application Information Disclosure

medium Nessus Plugin ID 57640

Synopsis

The remote web application discloses path information.

Description

At least one web application hosted on the remote web server discloses the physical path to its directories when a malformed request is sent to it.

Leaking this kind of information may help an attacker fine-tune attacks against the application and its backend.

Solution

Filter error messages containing path information.
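One way to apply this filtering at the application boundary, shown as an added example (not code from the plugin or its vendor): a WSGI middleware that replaces any error response containing a filesystem path with a generic message and keeps the detail in the server log. The names `PathLeakFilter`, `run` and `sample_app`, the sample request and the list of Unix root directories are assumptions made for illustration.

```python
import logging
import re

log = logging.getLogger("path_leak_filter")
GENERIC = b"An internal error occurred."
# Absolute paths: Windows drive paths, UNC paths, and Unix paths under a few
# common roots (the root list is an assumption; extend it for your hosts).
PATH_RE = re.compile(
    rb"[A-Za-z]:\\[^\s<>\"']+"
    rb"|\\\\[\w.$-]+\\[^\s<>\"']+"
    rb"|/(?:var|srv|home|usr|opt|etc|tmp)/[^\s<>\"']+")

class PathLeakFilter:
    """WSGI middleware: swap error bodies that contain filesystem paths."""
    def __init__(self, app):
        self.app = app
    def __call__(self, environ, start_response):
        seen = {}
        def capture(status, headers, exc_info=None):
            seen["status"], seen["headers"] = status, list(headers)
            return lambda data: None  # write() is discarded: iterable apps only
        try:
            body = b"".join(self.app(environ, capture))
        except Exception:  # unhandled errors never reach the client verbatim
            log.exception("unhandled error for %s", environ.get("PATH_INFO"))
            seen = {"status": "500 Internal Server Error", "headers": []}
            body = GENERIC
        status, headers = seen["status"], seen["headers"]
        if int(status[:3]) >= 400 and PATH_RE.search(body):
            # Detail stays in the server log; the client gets a generic body.
            log.warning("path in %s response: %r", status[:3], body[:200])
            body = GENERIC
            headers = [("Content-Type", "text/plain")]
        headers = [h for h in headers if h[0].lower() != "content-length"]
        start_response(status, headers + [("Content-Length", str(len(body)))])
        return [body]

def run(app, path="/"):  # call a WSGI app once, return (status, body)
    out = {}
    body = b"".join(app({"PATH_INFO": path}, lambda s, h: out.update(status=s)))
    return out["status"], body

# Constructed sample app: leaks a path on one malformed request only.
def sample_app(environ, start_response):
    if environ["PATH_INFO"] == "/item[]":
        start_response("500 Internal Server Error", [("Content-Type", "text/html")])
        return [b"Warning: include(/var/www/shop/inc/db.php): failed to open"]
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"docs live under /usr/share/doc"]
```

The middleware buffers each response, so it suits ordinary pages rather than streaming endpoints. Disabling verbose error display in the framework or runtime remains the primary fix, with this filter as a backstop.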

Plugin Details

Severity: Medium

ID: 57640

File Name: web_path_leak.nasl

Version: 1.11

Type: remote

Family: CGI abuses

Published: 1/25/2012

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Required KB Items: Settings/enable_web_app_tests