WSTG-V42-CONF-05 on ZAP /alerttags/wstg-v42-conf-05/ Recent content in WSTG-V42-CONF-05 on ZAP Hugo en-us .env Information Leak /docs/alerts/40034/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40034/ <p>One or more .env files seems to have been located on the server. These files often expose infrastructure or administrative account credentials, API or APP keys, or other sensitive configuration information.</p> .htaccess Information Leak /docs/alerts/40032/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40032/ <p>htaccess files can be used to alter the configuration of the Apache Web Server software to enable/disable additional functionality and features that the Apache Web Server software has to offer.</p> ELMAH Information Leak /docs/alerts/40028/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40028/ <p>The Error Logging Modules and Handlers (ELMAH [elmah.axd]) HTTP Module was found to be available. This module can leak a significant amount of valuable information.</p> Hidden File Found /docs/alerts/40035/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40035/ <p>A sensitive file was identified as accessible or available. This may leak administrative, configuration, or credential information which can be leveraged by a malicious individual to further attack the system or conduct social engineering efforts.</p> Properties File Disclosure - /WEB-INF folder /docs/alerts/10045-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10045-2/ <p>A Java class in the /WEB-INF folder disclosed the presence of the properties file. Properties file are not intended to be publicly accessible, and typically contain configuration information, application credentials, or cryptographic keys.</p> Source Code Disclosure - /WEB-INF Folder /docs/alerts/10045-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10045-1/ <p>Java source code was disclosed by the web server in Java class files in the WEB-INF folder. The class files can be dis-assembled to produce source code which very closely matches the original source code.</p> Spring Actuator Information Leak /docs/alerts/40042/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40042/ <p>Spring Actuator for Health is enabled and may reveal sensitive information about this application. Spring Actuators can be used for real monitoring purposes, but should be used with caution as to not expose too much information about the application or the infrastructure running it.</p> Trace.axd Information Leak /docs/alerts/40029/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40029/ <p>The ASP.NET Trace Viewer (trace.axd) was found to be available. This component can leak a significant amount of valuable information.</p>