Web Server Misconfiguration: Unprotected Directory - http://zero.webappsecurity.com:80/testing/
Created by: armorcodegithubapp[bot]
Category: Web Server Misconfiguration: Unprotected Directory
Scan Type: Dynamic
CheckType: Vulnerability
Abstract: Development-related directories were discovered within your web application during a Directory Enumeration scan. The risk of an attacker discovering a directory on your application server depends on what type of directory it is and what files it contains. Beyond direct access to files containing sensitive information, the primary threat is that the attacker uses what the directory reveals (source, configuration, version-control metadata, naming conventions) to plan and carry out other attacks.

Recommendations include removing source code directories and repositories from the production server, disabling the use of remote repositories, and ensuring that the version control system in use has the latest patches and version updates applied. Additionally, restrict access to important directories and files by adopting a "need to know" requirement for both the document root and the server root, and turn off features such as automatic directory listings, which provide information an attacker can use when formulating or conducting an attack.
Request:
GET /testing/ HTTP/1.1
Referer: http://zero.webappsecurity.com:80/
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Accept: /
Pragma: no-cache
Host: zero.webappsecurity.com
X-Scan-Memo: Category="Audit"; Function="createStateRequestFromAttackDefinition"; SID="74AC7190EB0DD42B270214C7DD7706B5"; PSID="3B5C6D4258EDE9E2520272F502F91B6B"; SessionType="AuditAttack"; CrawlType="None"; AttackType="Server"; OriginatingEngineID="ae34b422-6357-4aca-8fe7-7e449e14c9b7"; AttackSequence="0"; AttackParamDesc=""; AttackParamIndex="0"; AttackParamSubIndex="0"; CheckId="10217"; Engine="Directory+Enumeration"; Retry="False"; SmartMode="NonServerSpecificOnly"; ThreadId="39"; ThreadType="AuditDBReaderSessionDrivenAudit";
Connection: Keep-Alive
Cookie: CustomCookie=WebInspect69383ZXB3FCEA2CCD6849B0A63D3EFF65615601Y3637;status=yes;username=;userid=;sessionid=;ASPSESSIONIDCARBTACT=IFDJMBECGEEOKNHHINEAFONF;state=
File Path: //zero.webappsecurity.com:0
Mitigation:
For Security Operations:
Evaluate whether the discovered directory is required in production. If it is not, remove the directory and its contents; if it is, restrict it with the web server's access control mechanism so that only the clients that need it can reach it. Automatic directory indexing should also be disabled where it is enabled, so that a request for the directory itself does not return a list of its files.
For Development:
This problem will be resolved by the web application server administrator. In general, remove all source code repositories and files from the production server and do not rely on "hidden" directories within the web root to conceal sensitive resources or web applications. Assume an attacker knows the existence of every directory and file on your web site, and protect them with proper access controls rather than obscurity.
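The Security Operations and Development guidance above both reduce to one check: for each directory an attacker could guess, does the server answer with a file listing, with content, or with a proper access denial? The following audit script is an added example, not part of the scanner output or the ArmorCode finding. It assumes a hypothetical `fetch()` callable standing in for a real HTTP client, and the sample responses are constructed to resemble Apache mod_autoindex and nginx autoindex pages; the host name is reused from the finding only to make the output readable.

```python
"""Audit candidate directories for exposure and automatic directory listings.

Added illustration, not the scanner's own logic. fetch() is a hypothetical
stand-in for an HTTP client; the sample responses below are constructed.
"""
import re
from html.parser import HTMLParser

# Signatures of auto-generated index pages: the "Index of /..." title that
# Apache and nginx both emit, and the parent-directory link each renders.
LISTING_TITLE = re.compile(r"<title>\s*Index of\s+/", re.I)
PARENT_LINK = re.compile(
    r'<a href="(?:\.\./|/(?:[^"]*/)?)">(?:\.\./|Parent Directory)</a>', re.I)


class _HrefCollector(HTMLParser):
    """Collect href attributes of <a> tags from an HTML body."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.hrefs.append(value)


def is_directory_listing(status, body):
    """True when a 200 response looks like an auto-generated directory index."""
    if status != 200:
        return False
    return bool(LISTING_TITLE.search(body)) or bool(PARENT_LINK.search(body))


def listed_entries(body):
    """File names an attacker would harvest from a listing.

    Column-sort links ("?C=N;O=D"), parent links ("../", "/") and absolute
    URLs are not entries of the directory, so they are dropped.
    """
    parser = _HrefCollector()
    parser.feed(body)
    return sorted({h for h in parser.hrefs
                   if not h.startswith(("?", "/", "../", "http://", "https://", "#"))})


def classify(status, body):
    """Map a response to the verdict a reviewer needs: blocked, absent, listing, accessible."""
    if status in (401, 403):
        return "blocked"
    if status == 404:
        return "absent"
    if is_directory_listing(status, body):
        return "listing"
    if status == 200:
        return "accessible"
    return "other"


def audit(fetch, base, candidates):
    """Return {path: (verdict, harvested_entries)} for each candidate directory."""
    findings = {}
    for path in candidates:
        status, body = fetch(base + path)
        verdict = classify(status, body)
        entries = listed_entries(body) if verdict == "listing" else []
        findings[path] = (verdict, entries)
    return findings


# --- constructed sample responses (not captured from the target) -----------
APACHE_LISTING = """<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html><head><title>Index of /testing</title></head><body>
<h1>Index of /testing</h1>
<table><tr><th><a href="?C=N;O=D">Name</a></th></tr>
<tr><td><a href="/">Parent Directory</a></td></tr>
<tr><td><a href="backup.sql">backup.sql</a></td></tr>
<tr><td><a href="config.old">config.old</a></td></tr>
</table></body></html>"""

NGINX_LISTING = """<html><head><title>Index of /.git/</title></head><body>
<h1>Index of /.git/</h1><hr><pre><a href="../">../</a>
<a href="HEAD">HEAD</a>
<a href="config">config</a>
</pre><hr></body></html>"""

SAMPLE_RESPONSES = {
    "http://zero.webappsecurity.com/testing/": (200, APACHE_LISTING),
    "http://zero.webappsecurity.com/.git/": (200, NGINX_LISTING),
    "http://zero.webappsecurity.com/admin/": (403, "<h1>Forbidden</h1>"),
    "http://zero.webappsecurity.com/backup/": (404, "<h1>Not Found</h1>"),
}


def fake_fetch(url):
    """Hypothetical HTTP client: serve the constructed responses above."""
    return SAMPLE_RESPONSES.get(url, (404, ""))


if __name__ == "__main__":
    wordlist = ["/testing/", "/.git/", "/admin/", "/backup/"]
    for path, (verdict, entries) in audit(
            fake_fetch, "http://zero.webappsecurity.com", wordlist).items():
        print(f"{path:12s} {verdict:11s} {' '.join(entries)}")
```

To run this against a real host, replace `fake_fetch` with a function that performs the GET and returns `(status_code, body_text)`; a 403 or 404 for `/testing/` after remediation is the expected result, and a 200 that `is_directory_listing` flags means automatic indexing is still on. Keep the wordlist to directories you are authorized to probe.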
For QA:
This problem will be resolved by the web application server administrator.
https://app.armorcode.com/#/findings/64698309
Knowledge Base: Man in the Middle (MITM) Attack:https://app.armorcode.com/#/knowledgeBase/45