Microsoft Access Database File Detected
Description
A Microsoft Access database file (.mdb or .accdb) has been detected in a publicly accessible web directory. Access database files often contain structured data including user credentials, business records, configuration settings, and other sensitive information that should not be exposed through a web server.
Remediation
Take the following steps to remediate this vulnerability:
1. Immediately move the database file outside of the web server's document root to prevent direct access via HTTP/HTTPS requests.
2. Review the database contents to identify what sensitive information may have been exposed and assess the need for additional security measures (such as password resets if credentials were exposed).
3. Configure web server access controls to deny direct access to database files. For Apache, add the following to your .htaccess or server configuration:
<FilesMatch "\.(mdb|accdb)$">
Require all denied
</FilesMatch>For IIS, add a request filtering rule to block these file extensions.4. If the application requires database access, use a server-side application layer (such as ASP.NET, PHP, or Node.js) to interact with the database rather than exposing the file directly.
5. Conduct a comprehensive review of the web directory to identify and remove any other sensitive files that should not be publicly accessible.