Storage of File with Sensitive Data Under Web Root Archives

Read Time:53 Second

Description

The application stores sensitive data under the web document root with insufficient access control, which might make it accessible to untrusted parties.

Besides public-facing web pages and code, applications may store sensitive data, code that is not directly invoked, or other files under the web document root of the web server. If the server is not configured or otherwise used to prevent direct access to those files, then attackers may obtain this sensitive data.

Modes of Introduction:

– Operation

Related Weaknesses

CWE-552

Consequences

Confidentiality: Read Application Data

Potential Mitigations

Phase: Implementation, System Configuration

Description:

Avoid storing information under the web root directory.

Phase: System Configuration

Description:

Access control permissions should be set to prevent reading/writing of sensitive files inside/outside of the web directory.

CVE References

CVE-2005-1835
- Data file under web root.

CVE-2005-2217
- Data file under web root.

CVE-2002-1449
- Username/password in data file under web root.

CVE-2002-0943
- Database file under web root.

CVE-2005-1645
- database file under web root.

Cyber Security News

Tag Archives: Storage of File with Sensitive Data Under Web Root

CWE-219 – Storage of File with Sensitive Data Under Web Root

Description

Related Weaknesses

Consequences

Potential Mitigations

CVE References

News, Advisories and much more