Description

Due to incorrect configuration, the web application discloses a full path to a file with source code, which generated a response, in the "X-SourceFiles" header.

Remediation

Hide X-SourceFiles header

References

What does the X-SourceFiles header do?

Related Vulnerabilities

Golang runtime profiling data

WordPress Plugin AI ChatBot Information Disclosure (4.8.9)

Apache Solr Log4Shell RCE

WordPress Plugin Eshop Magic Arbitrary File Disclosure (0.1)

WordPress Plugin Formidable Forms-Contact Form, Survey, Quiz, Calculator & Custom Form Builder Multiple Vulnerabilities (2.05.01)

Severity

Low

Classification

CWE-200 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure