Server Vulnerabilities And Misconfiguration For Sensitive Information
OWASP 2013-A5 OWASP 2017-A6 OWASP PC-C3 CAPEC-21 CWE-200 WASC-14 WSTG-CONF-03
A server provides services to its clients (end users). There are servers that have misconfiguration or vulnerabilities that can cause Information leakage.These misconfigurations may be due to directory listing vulnerability or source disclosure vulnerabilities. These vulnerabilities can be exploited by attackers to bypass authentication methods. With administrator access, the attackers can gain access to sensitive information.
This vulnerability can have the following vulnerabilities:-
- Loosing server integrity
- Possible data loss
- The attacker will gain access to the source code using web application
Mitigation / Precaution
This vulnerability can be fixed by:-
- Using appropriate configuration management policies for obsolete and unreferenced files.
- Creating applications for Data files, log files, configuration files, etc. that should be stored in directories and not accessible by the web server.
- not making File system snapshots accessible via the web