WS_FTP Log File Detected

Summary#

Invicti detected a WS_FTP Log File.

WS_FTP is an FTP client and it creates a log file named WS_FTP.LOG, which contains sensitive information such as file names, internal paths, etc.

Impact#

There is no direct impact, however this information can help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities.

Remediation#

If it is a file required by the application, change its permissions to prevent public users from accessing it. If it is not, then remove it from the web server.

Classifications#

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, ISO27001-A.9.4.1, WASC-13, CAPEC-118, CWE-538

WS_FTP Log File Detected

Related Articles

Build your resistance to threats. And save hundreds of hours each month.