Complimentary 90-day, on-prem license available for entities involved in Covid19 response.
Detail

.htaccess File Detected

Severity: Information

Summary

Netsparker detected an exposed .htaccess file.

Impact

.htaccess files are configuration files for the Apache web server that can be used to override certain server configuration options on a per-directory basis using a human readable file.

If their contents are exposed, attackers can gain valuable insight into your server configuration and may read sensitive data can aid them in further attacks.

Remediation
  • Make sure that .htaccess files are not readable when you directly access them via your web browser.
  • If possible try to apply the configuration options within the virtual host configuration file and deactivate the possibility of using .htaccess files.
    • This will not only enhance performance
    • Additionally it is more secure and helps to avoid situations where an attacker can upload their own .htaccess file to the server.
External References
Classifications
CWE-16, OWASP 2013-A5, OWASP 2017-A6 , CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Index

Vulnerability Index

You can search and find all vulnerabilities

Select Category

OR

Search Vulnerability

Related Vulnerabilities

Netsparker

Dead accurate, fast & easy-to-use Web Application Security Scanner

GET A DEMO

RESOURCES

USE CASES

WEB SECURITY

COMPANY

Netsparker Ltd

  • 220 Industrial Blvd Ste 102
    Austin, TX 78745
Copyright © 2020 Netsparker Ltd. All rights reserved.
Privacy Policy | Data Protection Policy | Sitemap