Full Path Disclosure

Home/Alerts/Alert detail/

Risk:
Low

Type:
Passive

CWE:
CWE-209

Summary: The full path of files which might be sensitive has been exposed to the client.

Solution: Disable directory browsing in your web server. Refer to the web server documentation.

References: https://owasp.org/www-community/attacks/Full_Path_Disclosure

Latest Security News

Google's AI-Powered OSS-Fuzz Tool Finds 26 Vulnerabilities in Open-Source Projects

NodeStealer Malware Targets Facebook Ad Accounts, Harvesting Credit Card Data

CWE top 25 most dangerous software weaknesses

Ghost Tap: Hackers Exploiting NFCGate to Steal Funds via Mobile Payments

Decades-Old Security Vulnerabilities Found in Ubuntu's Needrestart Package

Microsoft Launches Windows Resiliency Initiative to Boost Security and System Integrity

China-Backed Hackers Leverage SIGTRAN, GSM Protocols to Infiltrate Telecom Networks

Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities

Common Alerts

InformationalRetrieved from Cache

HighNoSQL Injection - MongoDB

InformationalLoosely Scoped Cookie

HighSession Fixation

MediumSession ID in URL Rewrite

HighCross Site Scripting (Reflected)

InformationalGraphQL Endpoint Supports Introspection

HighCross-Domain Misconfiguration - Adobe - Read

MediumJWT Scan Rule

InformationalBase64 Disclosure in WebSocket message

Top CVE List

CVE-2021-41277 Metabase GeoJSON API Local File Inclusion Vulnerability

CVE-2024-0012 Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability

CVE-2024-38812 VMware vCenter Server Heap-Based Buffer Overflow Vulnerability

CVE-2019-15949 Nagios XI Remote Code Execution Vulnerability

CVE-2024-9463 Palo Alto Networks Expedition OS Command Injection Vulnerability

CVE-2024-9474 Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability

CVE-2021-26858 Microsoft Exchange Server Remote Code Execution Vulnerability

CVE-2024-1212 Progress Kemp LoadMaster OS Command Injection Vulnerability

CVE-2024-38813 VMware vCenter Server Privilege Escalation Vulnerability

CVE-2024-9465 Palo Alto Networks Expedition SQL Injection Vulnerability

Common CWEs

MediumCWE-498 Cloneable Class Containing Sensitive Information

LowCWE-263 Password Aging with Long Expiration

CWE-939 Improper Authorization in Handler for Custom URL Scheme

CWE-582 Array Declared Public, Final, and Static

CWE-26 Path Traversal: '/dir/../filename'

CWE-1025 Comparison Using Wrong Factors

LowCWE-481 Assigning instead of Comparing

CWE-1054 Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer

CWE-1053 Missing Documentation for Design

MediumCWE-128 Wrap-around Error

Free security scan for your website

Don't show website scan report rating on the leaderboard