Summary #

Invicti detected a WS_FTP Log File.

WS_FTP is an FTP client and it creates a log file named WS_FTP.Log, which contains sensitive information such as file names, internal paths, etc.

Impact #
There is no direct impact, however this information can help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities.
Remediation #
If it is a file required by the application, change its permissions to prevent public users from accessing it. If it is not, then remove it from the web server.
Classifications #
CAPEC-118; CWE-538; ISO27001-A.9.4.1; WASC-13; OWASP PC-C6 , CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Dead accurate, fast & easy-to-use Web Application Security Scanner

Get a demo