Summary #

Netsparker identified a Microsoft IIS log file with potentially sensitive content.

Impact #
Depending on the content of the file, an attacker might discover hidden directories and files.
Remediation #
Configure your web server to prevent public access to the directory / page by implementing access control mechanisms.
Classifications #
PCI v3.1-6.5.8, PCI v3.2-6.5.8, CAPEC-87, CWE-425, HIPAA-425, ISO27001-A.18.1.3, WASC-34, OWASP 2013-A7, OWASP 2017-A5

Dead accurate, fast & easy-to-use Web Application Security Scanner

Get a demo