/vulndb/Common Files

Common files are files which are usually left by automated/default installations that are not necessarily still required by the web application but may still contain sensitive information.

An attacker may search for these files to retrieve sensitive information about the application and its environment that was not intended to be disclosed.

Solution

If possible delete the affected files or make sure that they are not publicly accessible.

Caveats

Example files are web.xml, readmes, phpinfo.php, etc.

References

https://www.owasp.org/index.php/Testing_for_Old,_Backup_and_Unreferenced_Files_(OWASP-CM-006)