Properties File Disclosure - /WEB-INF folder
- Risk: High
- Type: Active
- CWE: CWE-541
- Summary
A Java class in the /WEB-INF folder disclosed the presence of a properties file. Properties files are not intended to be publicly accessible, and typically contain configuration information, application credentials, or cryptographic keys.
- Solution
The web server should be configured to not serve the /WEB-INF folder or its contents to web browsers. It may also be possible to remove the /WEB-INF folder.
- Other info
The reference to the properties file was found in the disassembled Java source code for Java class [https://example.com/foo.class].
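
One way to apply the solution above, shown as an added example that is not part of the original alert text. It assumes Apache httpd 2.4 is the web server in front of the Java application; other servers need their own equivalent rule.

```apache
# Added example; assumes Apache httpd 2.4 serving or proxying a Java web application.

# Refuse any request whose URL path contains a WEB-INF segment. The match is
# case-insensitive so that /web-inf/ is also refused when the underlying
# filesystem ignores case.
<LocationMatch "(?i)/WEB-INF(/|$)">
    Require all denied
</LocationMatch>

# If httpd maps the unpacked web application directory from disk, also deny
# the directory itself, so that an Alias or rewrite rule pointing into it
# cannot expose .class or .properties files under a different URL.
<DirectoryMatch "(?i)/WEB-INF(/|$)">
    Require all denied
</DirectoryMatch>
```

After reloading the configuration, a request for any path under /WEB-INF/ should return 403 instead of the file contents.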