289 – Technical information leak - Logs

Description

The application has an HTML file that displays a LOG of the system. In the event that this page is accessible by users, they will be able to know information about the system.

Impact

Understand how the system works from the messages stored in the Log and generate an attack against the system based on this knowledge.

Recommendation

Avoid exposing system information in files that can be accessed by third parties.

Threat

External attacker from the Internet.

Expected Remediation Time

30 minutes.

Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

• Attack vector: L
• Attack complexity: L
• Attack Requirements: N
• Privileges required: N
• User interaction: N
• Confidentiality (VC): L
• Integrity (VI): N
• Availability (VA): N
• Confidentiality (SC): N
• Integrity (SI): N
• Availability (SA): N

Threat 4.0

• Exploit maturity: P

Requirements

• 077 - Avoid disclosing technical information
• 176 - Restrict system objects

Fixes

• Csharp
• Go
• Java
• Php
• Python
• Ruby
• Scala
• Typescript

Last updated

2024/02/19