Backup File Disclosure

Risk:
Medium

Type:
Active

CWE:
530

Summary: A backup of the file was disclosed by the web server

Solution: Do not edit files in-situ on the web server, and ensure that un-necessary files (including hidden files) are removed from the web server.

Other info: A backup of [https://example.com/profile.asp] is available at [https://example.com/profile.asp.old]

References

https://cwe.mitre.org/data/definitions/530.html

https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/04-Review_Old_Backup_and_Unreferenced_Files_for_Sensitive_Information.html