Publicly accessible access-log file
An accessible access.log file was discovered.
- logs
- disclosure
Access log files store information about how a web application was accessed. If you have access to the web server, you can use the access logs to determine exactly how a user was authenticated and what kind of requests they were making.
Impact
Attackers can use the access logs to gain more information about how the web server is used. This may allow attackers to discover vulnerabilities which they would otherwise not have been able to attack.
Solution
Do not publicly disclose the access logs. This information should be used only in a black-box environment, where users are authenticated and have no visibility into what is happening behind the scenes.
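One way to audit your own server for this finding is sketched below. It is an added example, not part of the original page. It walks a document root and reports files whose content parses as Common/Combined Log Format, so renamed logs are caught too. It assumes every file under the document root is served by the web server; the function names and sample lines are constructed for illustration.

```python
import os
import re
import tempfile

# Common/Combined Log Format: host ident user [time] "request" status size ...
CLF = re.compile(r'^\S+ \S+ \S+ \[[^\]]+\] "[A-Z]+ \S+ [^"]*" \d{3} (?:\d+|-)')

def looks_like_access_log(path, sample=20, threshold=0.8):
    """True when most of the first `sample` non-empty lines parse as CLF."""
    try:
        with open(path, "r", errors="replace") as fh:
            # Cap each read so a large binary without newlines stays cheap.
            lines = [ln for ln in (fh.readline(4096) for _ in range(sample))
                     if ln.strip()]
    except OSError:
        return False
    if not lines:
        return False
    hits = sum(1 for ln in lines if CLF.match(ln))
    return hits / len(lines) >= threshold

def find_exposed_logs(docroot):
    """Return URL paths of access-log files stored under the document root."""
    exposed = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            full = os.path.join(dirpath, name)
            if looks_like_access_log(full):
                rel = os.path.relpath(full, docroot).replace(os.sep, "/")
                exposed.append("/" + rel)
    return sorted(exposed)

def demo():
    """Build a constructed docroot containing one misplaced log and scan it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "logs"))
        with open(os.path.join(root, "index.html"), "w") as fh:
            fh.write("<h1>hello</h1>\n")
        # Constructed sample lines (192.0.2.0/24 is a documentation range).
        with open(os.path.join(root, "logs", "access.log"), "w") as fh:
            fh.write('192.0.2.10 - alice [10/Oct/2023:13:55:36 +0000] '
                     '"GET /account?session=EXAMPLE HTTP/1.1" 200 512\n')
            fh.write('192.0.2.11 - - [10/Oct/2023:13:55:40 +0000] '
                     '"POST /login HTTP/1.1" 302 -\n')
        return find_exposed_logs(root)

if __name__ == "__main__":
    print(demo())
```

Any path it reports should be moved outside the document root or blocked in the server configuration.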