/alerttags/cwe-541/ Recent content in CWE-541 on ZAP Hugo en-us /docs/alerts/10045-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10045-2/ <p>A Java class in the /WEB-INF folder disclosed the presence of the properties file. Properties file are not intended to be publicly accessible, and typically contain configuration information, application credentials, or cryptographic keys.</p> /docs/alerts/10045-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10045-1/ <p>Java source code was disclosed by the web server in Java class files in the WEB-INF folder. The class files can be dis-assembled to produce source code which very closely matches the original source code.</p> /docs/alerts/43/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/43/ <p>The Path Traversal attack technique allows an attacker access to files, directories, and commands that potentially reside outside the web document root directory. An attacker may manipulate a URL in such a way that the web site will execute or reveal the contents of arbitrary files anywhere on the web server. Any device that exposes an HTTP-based interface is potentially vulnerable to Path Traversal.</p> /docs/alerts/41/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/41/ <p>The source code for the current page was disclosed by the web server.</p> /docs/alerts/42/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/42/ <p>The source code for the current page was disclosed by the web server.</p>