RULE(RULE ID:337918)

Rule General Information
Release Date: 2024-04-15
Rule Name: Sensitive Directory Access Detection - WEB-INF
Severity:
CVE ID:
Rule Protection Details
Description: WEB-INF is the protected directory of a Java web application. Clients cannot access it directly; only the server can, and it is used to store all related files of the web site. This rule detects suspicious requests that use special characters in an attempt to bypass permission controls and gain unauthorized access to WEB-INF.
Impact: An attacker could exploit this vulnerability with unspecified effect.
Affected OS: Windows, Linux, Others
Reference:
Solutions
1. Make sure the file system permissions of web servers and applications are set properly to limit access to sensitive files and directories.
2. Review the system's access records to see whether there has been any unauthorized access.
3. Ensure that the system and applications have been updated to the latest version, and fix known vulnerabilities to reduce the impact on the system.