Summary

Acunetix 360 identified a possible backup file disclosure on the web server.

Impact

Backup files can contain old or current versions of a file on the web server. This could include sensitive data such as password files or even the application's source code. This form of issue normally leads to further vulnerabilities or, at worst, sensitive information disclosure.

Remediation

Do not store backup files on production servers.

Severity

Low

Classification

PCI v3.2-6.5.8 CAPEC-87 CWE-530 HIPAA-164.306(a) 164.308(a) ISO27001-A.18.1.3 WASC-34 OWASP 2013-A7 OWASP 2017-A5