Source Code Disclosure - SVN

Home/Alerts/Alert detail/

Risk:
Medium

Type:
Active

CWE:
CWE-541

Summary: The source code for the current page was disclosed by the web server.

Solution: Ensure that SVN metadata files are not deployed to the web server or application server

Other info: The source code for [] was found at []

References

https://owasp.org/www-community/attacks/Forced_browsing

https://cwe.mitre.org/data/definitions/425.html

Latest Security News

Google's AI-Powered OSS-Fuzz Tool Finds 26 Vulnerabilities in Open-Source Projects

NodeStealer Malware Targets Facebook Ad Accounts, Harvesting Credit Card Data

CWE top 25 most dangerous software weaknesses

Ghost Tap: Hackers Exploiting NFCGate to Steal Funds via Mobile Payments

Decades-Old Security Vulnerabilities Found in Ubuntu's Needrestart Package

Microsoft Launches Windows Resiliency Initiative to Boost Security and System Integrity

China-Backed Hackers Leverage SIGTRAN, GSM Protocols to Infiltrate Telecom Networks

Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities

Common Alerts

HighLog4Shell (CVE-2021-44228)

MediumContent Security Policy (CSP) Header Not Set

InformationalCharset Mismatch

InformationalUsername Hash Found

InformationalRetrieved from Cache

MediumHTTPS to HTTP Insecure Transition in Form Post

HighAdvanced SQL Injection

InformationalInformation Disclosure - Information in Browser sessionStorage

MediumJWT Scan Rule

MediumSpring Actuator Information Leak

Top CVE List

CVE-2021-41277 Metabase GeoJSON API Local File Inclusion Vulnerability

CVE-2024-0012 Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability

CVE-2024-38812 VMware vCenter Server Heap-Based Buffer Overflow Vulnerability

CVE-2019-15949 Nagios XI Remote Code Execution Vulnerability

CVE-2024-9463 Palo Alto Networks Expedition OS Command Injection Vulnerability

CVE-2024-9474 Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability

CVE-2021-26858 Microsoft Exchange Server Remote Code Execution Vulnerability

CVE-2024-1212 Progress Kemp LoadMaster OS Command Injection Vulnerability

CVE-2024-38813 VMware vCenter Server Privilege Escalation Vulnerability

CVE-2024-9465 Palo Alto Networks Expedition SQL Injection Vulnerability

Common CWEs

CWE-767 Access to Critical Private Variable via Public Method

CWE-1100 Insufficient Isolation of System-Dependent Functions

CWE-636 Not Failing Securely ('Failing Open')

HighCWE-426 Untrusted Search Path

CWE-1071 Empty Code Block

CWE-471 Modification of Assumed-Immutable Data (MAID)

CWE-782 Exposed IOCTL with Insufficient Access Control

CWE-149 Improper Neutralization of Quoting Syntax

CWE-625 Permissive Regular Expression

MediumCWE-778 Insufficient Logging

Free security scan for your website

Don't show website scan report rating on the leaderboard