Summary #

Netsparker detected a WS_FTP Log File.

WS_FTP is an FTP client and it creates a log file named WS_FTP.Log, which contains sensitive information such as file names, internal paths, etc.

Impact #
There is no direct impact, however this information can help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities.
Remediation #
If it is a file required by the application, change its permissions to prevent public users from accessing it. If it is not, then remove it from the web server.
Classifications #
CAPEC-118, CWE-538, ISO27001-A.9.4.1, WASC-13, OWASP PC-C6 , CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Netsparker

Dead accurate, fast & easy-to-use Web Application Security Scanner

GET A DEMO