
Recently we ran a security scan on one of our web applications, and the report lists one issue as a path-based vulnerability. The scenario is as follows.

The request URL our application is intended to accept is www.host.com/what/ever/ourPage, but the security report shows www.host.com/what/ever/ourPage.old as a malicious URL, even though our application redirects the request to www.host.com/what/ever/ourPage without any problem. This is what the security scan report says:

Threat: A potentially sensitive file, directory, or directory listing was discovered on the Web server.

Impact: The contents of this file or directory may disclose sensitive information.

Solution: Verify that access to this file or directory is permitted. If necessary, remove it or apply access controls to it.

We are also using a number of tracking and campaign tools, so we are not sure whether this gets appended by one of them.

Is it a good idea to block that kind of request, and could I please know why?

ThilankaD
  • Security scans often create false positives. Based on the information you described here, the web server uses an HTTP 301 or HTTP 302 and redirects you to the valid URL, so my initial thought is 'false positive'. – Jeroen Jun 21 '21 at 07:32
  • Hi @Jeroen. It just loads the page with HTTP 200, and the URL in the address bar stays unchanged after the page load. – ThilankaD Jun 21 '21 at 09:34

1 Answer

It looks like your scanner is checking for backed-up or cached copies of web pages with extensions that would result in the entire file being served as plain text, leaking the server-side code and any secrets contained in it. This may happen either because some text editor left a cached copy of the file or because some developer manually created a backup copy.

Since you say your web server redirects the request to the original file, this looks like a false positive.

nobody
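One way to turn the answer's reasoning into a repeatable check on your own site (an added example, not code from the question or the answer): compare how the server answers the `.old` probe with how it answers the canonical page. Identical bodies mean routing just ignores the suffix (harmless, but the scanner will keep flagging it, so rejecting such paths is reasonable); a 200 with a different body means a separate file really is being served and needs review. The `Response` record and the backup suffixes other than `.old` are assumptions.

```python
"""Classify a web server's answer to a backup-file probe such as /ourPage.old.

Added illustration for the question above; the responses are constructed
records, so the check runs offline without touching any server.
"""
from dataclasses import dataclass

# '.old' is the suffix from the scan report; the others are assumed to be
# typical backup suffixes a scanner would also try.
BACKUP_SUFFIXES = (".old", ".bak", ".orig", "~")

@dataclass(frozen=True)
class Response:
    status: int
    content_type: str
    body: bytes

def is_backup_probe(path: str) -> bool:
    """True if the request path ends in a backup suffix (reject these early)."""
    return path.endswith(BACKUP_SUFFIXES)

def canonical_path(path: str) -> str:
    """Strip a trailing backup suffix so the probe can be paired with its page."""
    for suffix in BACKUP_SUFFIXES:
        if path.endswith(suffix):
            return path[: -len(suffix)]
    return path

def classify_probe(canonical: Response, probe: Response) -> str:
    """Return 'not-exposed', 'same-page' or 'distinct-file'.

    canonical: response for the intended URL (e.g. /what/ever/ourPage)
    probe:     response for the same path with a backup suffix appended
    """
    if probe.status != 200:
        # Redirected, refused or missing: nothing extra is being served.
        return "not-exposed"
    if probe.body == canonical.body:
        # Same rendered page: the suffix is ignored by routing. Harmless,
        # but scanners will keep reporting it, so return 404 for such paths.
        return "same-page"
    # A 200 with different content means a separate file exists and is
    # readable; if it is the page source in plain text, that is a real leak.
    return "distinct-file"
```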