Description

The web server has several virtual hosts. Due to an incorrect configuration of virtual hosts, files of one virtual host is located inside a directory of another one. Therefore, an attacker may access parts of the source code of your web application.

Remediation

Change vitrual hosts configuration, so each of them have a separate root directory

References

Apache Virtual Host documentation

Server Block Examples

Related Vulnerabilities

WordPress Plugin Yoast SEO Information Disclosure (3.2.4)

ownCloud Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-9049)

JavaMelody publicly accessible

Python Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2183)

WordPress Plugin HTML5 MP3 Player with Playlist Free Information Disclosure (2.6)

Severity

High

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Source Code Disclosure