Unreferenced Resource Found
Impact: Informational
Description
Attackers can often predict unreferenced resources on web applications. These files may disclose sensitive information that can facilitate a focused attack against the application. Unreferenced pages may contain powerful functionality that can be used to attack the application. OWASP
Recommendation
The security of systems should not be based on the obscurity of resource locations. Remove or limit access to the file.
References
- OWASP: Review Old Backup and Unreferenced Files for Sensitive Information
- CWE-552
- CWE-200
- OWASP 2007-A6
- OWASP 2021-A1
👉 You might also like:
Sensitive Unreferenced Resource Found - Vulnerability
Unreferenced Login Page Found - Vulnerability
Unreferenced Repository Found - Vulnerability
Old/Backup Resource Found - Vulnerability
Last updated on February 15, 2021