Summary #

Invicti identified a Microsoft IIS log file with potentially sensitive content.

Impact #
Depending on the content of the file, an attacker might discover hidden directories and files.
Remediation #
Configure your web server to prevent public access to the directory / page by implementing access control mechanisms.
Classifications #
PCI v3.1-6.5.8; PCI v3.2-6.5.8; CAPEC-87; CWE-425; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-34; OWASP 2013-A7; OWASP 2017-A5

Dead accurate, fast & easy-to-use Web Application Security Scanner

Get a demo