253 – Automatic information enumeration - AWS

Description

The system exposes resources that are not necessary for the operation of the application.

Impact

Expose system resources that can be enumerated.

Recommendation

The application should not expose resources that are not explicitly necessary for the operation of the application, exposing unnecessary resources could expand the attack surface.

Threat

Anonymous attacker from the Internet.

Expected Remediation Time

60 minutes.

Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

• Attack vector: A
• Attack complexity: L
• Attack Requirements: N
• Privileges required: N
• User interaction: N
• Confidentiality (VC): L
• Integrity (VI): N
• Availability (VA): N
• Confidentiality (SC): N
• Integrity (SI): N
• Availability (SA): N

Threat 4.0

• Exploit maturity: P

Requirements

• 237 - Ascertain human interaction
• 266 - Disable insecure functionalities
• 327 - Set a rate limit

Fixes

• Aws

Last updated

2024/02/16