Automatic information enumeration - AWS
Description
The system exposes resources that are not necessary for the operation of the application.
Impact
Expose system resources that can be enumerated.
Recommendation
The application should not expose resources that are not explicitly necessary for the operation of the application, exposing unnecessary resources could expand the attack surface.
Threat
Anonymous attacker from the Internet.
Expected Remediation Time
⏱️ 60 minutes.
Requirements
237 - Ascertain human interaction266 - Disable insecure functionalities327 - Set a rate limitFixes
Score
Default score using CVSS 4.0. It may change depending on the context of the src.
Base 4.0
Attack vector
A
Attack complexity
L
Attack requirements
N
Privileges required
N
User interaction
N
Confidentiality (VC)
L
Integrity (VI)
N
Availability (VA)
N
Confidentiality (SC)
N
Integrity (SI)
N
Availability (SA)
N
Threat 4.0
Exploit maturity
P
Vector string
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P