Global.asa backup file found

Description
  • The <strong>Global.asa</strong> file is an optional file in which you can specify event scripts and declare objects that have session or application scope. It is not for content that is displayed to clients; instead it stores event information and objects used globally by the application. This file must be named Global.asa (or <strong>Global.asax</strong> for ASP.NET) and must be stored in the root directory of the application. <br/><br/> Global.asa file is not normally accessible (the web server restricts access to this file). Acunetix found a backup for this file that is directly accessible. Global.asa file may contain sensitive information (such as database credentials, sensitive source code snippets) and it's recommended to restrict access to this file.
Remediation
  • Restrict access to this file or remove it from the website.
Severity
Classification
Tags