Configuration file disclosure

Description

A backup/temporary configuration file was found in this directory. It has been confirmed that this file contains a Web application deployment descriptor (normally stored in the file /WEB-INF/web.xml).

Several popular text editors, such as Vim and Emacs, automatically create backup copies of the files you edit, giving them names like "wp-config.php~" or "web.xml~". If the text editor crashes or the SSH connection drops during editing, the temporary backup files may not be cleaned up correctly. Files of this type are also sometimes created by developers to back up their work, or by administrators when making backups of the web server.

Remediation

Remove this file from the web server. As an additional step, it is recommended to implement a security policy within your organization that disallows the creation of temporary/backup files in directories accessible from the web.
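
One way to enforce such a policy is to audit the deployed web root for leftover editor and backup files before each release. The script below is an added example, not part of the original advisory; the pattern list, the SENSITIVE set and the function names are assumptions, and the sample tree is constructed.

```python
import os
import re
import tempfile

# Assumed naming conventions for editor and manual backup artifacts; extend as needed.
BACKUP_PATTERNS = [
    re.compile(r"^(?P<base>.+)~$"),                # Vim/Emacs backup: web.xml~
    re.compile(r"^#(?P<base>.+)#$"),               # Emacs auto-save: #web.xml#
    re.compile(r"^\.(?P<base>.+)\.sw[a-p]$"),      # Vim swap: .web.xml.swp
    re.compile(r"^(?P<base>.+)\.(?:bak|old|orig|save|tmp)$", re.I),  # manual copies
]
SENSITIVE = {"web.xml", "wp-config.php"}  # config files named in this advisory


def original_name(filename):
    """Return the name of the file this looks like a backup of, or None."""
    for pattern in BACKUP_PATTERNS:
        match = pattern.match(filename)
        if match:
            return match.group("base")
    return None


def audit_webroot(root):
    """Walk root and return sorted (relative_path, is_sensitive) for each leftover."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            base = original_name(name)
            if base is not None:
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                findings.append((rel.replace(os.sep, "/"), base.lower() in SENSITIVE))
    return sorted(findings)


def demo():
    """Build a constructed sample tree and audit it."""
    with tempfile.TemporaryDirectory() as root:
        for rel in ["index.jsp", "web.xml~", "blog/wp-config.php~",
                    "blog/.wp-config.php.swp", "css/site.css.bak", "WEB-INF/web.xml"]:
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        return audit_webroot(root)


if __name__ == "__main__":
    for path, sensitive in demo():
        print(("HIGH " if sensitive else "info ") + path)
```

Run as a deployment gate, a non-empty result from audit_webroot on the real document root should fail the release until the listed files are removed.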

Tags
  • Information Disclosure
  • Test Files