Security Test: File disclosure
Description
Default Severity:
File disclosure vulnerabilities occur when a web server unintentionally reveals files that contain sensitive details such as configuration settings, credentials, or internal processes. This typically happens because of insecure coding practices, such as not sanitizing user input properly or misconfiguring file access permissions, which allow attackers to manipulate file paths and read files outside the intended directory. If left unaddressed, malicious actors could use this information to better understand your system's weaknesses and plan more targeted exploits, potentially leading to more serious breaches. Developers often fall into this trap by assuming default configurations are secure or by not fully validating the input that selects which file is read.
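The unsanitized-path failure described above, as an added example that is not part of this page or the scanner's own code: a naive handler that joins user input onto the document root, beside a hardened one that canonicalises the path and refuses anything that resolves outside the root. The directory layout, file names and file contents are constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path
from typing import Optional

# Constructed sandbox: a document root with one public file, and a
# "secret" config file one level above it (hypothetical layout).
_ROOT = Path(tempfile.mkdtemp())
PUBLIC_DIR = _ROOT / "public"
PUBLIC_DIR.mkdir()
(PUBLIC_DIR / "index.html").write_text("<h1>hello</h1>")
(_ROOT / "config.ini").write_text("db_password=placeholder-not-real")


def serve_file_unsafe(requested: str) -> str:
    """Naive handler: joins user input onto the document root without checks.

    A relative path containing '..' (or an absolute path) escapes PUBLIC_DIR,
    which is exactly the file disclosure condition this test looks for.
    """
    with open(os.path.join(PUBLIC_DIR, requested)) as fh:
        return fh.read()


def serve_file_safe(requested: str) -> Optional[str]:
    """Hardened handler: canonicalise first, then enforce containment.

    Returns the file contents, or None when the request must be rejected
    (traversal, absolute path, symlink escape, directory, or missing file).
    Callers should log the rejected value to spot probing.
    """
    base = PUBLIC_DIR.resolve()
    # resolve() collapses '..' and follows symlinks; an absolute 'requested'
    # replaces 'base' in the join, so it is caught by the same check below.
    target = (base / requested).resolve()
    # Core fix: compare canonical paths, not raw strings or prefixes.
    if base not in target.parents:
        return None
    if not target.is_file():
        return None
    return target.read_text()
```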
Configuration
Identifier:
information_disclosure/file_disclosure
Examples
All configuration available:
Compliance and Standards
| Standard | Value |
|---|---|
OWASP API Top 10 | API7:2023 |
OWASP LLM Top 10 | LLM06:2023 |
PCI DSS | 6.5.3 |
GDPR | Article-32 |
SOC2 | CC6 |
PSD2 | Article-95 |
ISO 27001 | A.14.1 |
NIST | SP800-53 |
FedRAMP | AC-3 |
CWE | 200 |
CVSS Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
CVSS Score | 7.5 |