Complimentary 90-day, on-prem license available for entities involved in Covid19 response.
Summary

Netsparker detected an exposed .htaccess file.

Impact

.htaccess files are configuration files for the Apache web server that can be used to override certain server configuration options on a per-directory basis using a human readable file.

If their contents are exposed, attackers can gain valuable insight into your server configuration and may read sensitive data can aid them in further attacks.

Remediation
  • Make sure that .htaccess files are not readable when you directly access them via your web browser.
  • If possible try to apply the configuration options within the virtual host configuration file and deactivate the possibility of using .htaccess files.
    • This will not only enhance performance
    • Additionally it is more secure and helps to avoid situations where an attacker can upload their own .htaccess file to the server.
Classifications
CWE-16, OWASP 2013-A5, OWASP 2017-A6 , CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Index

Vulnerability Index

You can search and find all vulnerabilities

OR

Search Vulnerability

Netsparker

Dead accurate, fast & easy-to-use Web Application Security Scanner

GET A DEMO