|
|
Status: Incomplete Weakness ID: 530 (Weakness Variant)Description Summary Often, old files are renamed with an extension such as .~bk to distinguish them from production files. The source code for old files that have been renamed in this manner and left in the webroot can often be retrieved. Common Consequences At a minimum, an attacker who retrieves this file would have all the information contained in it, whether that be database calls, the format of parameters accepted by the application, or simply information regarding the architectural structure of your site. Potential Mitigations Recommendations include implementing a security policy within your organization that prohibits backing up web application source code in the webroot. Relationships
Taxonomy Mappings
Time of Introduction  Implementation OperationContent History Submissions Anonymous Tool Vendor (under NDA). (Externally Mined) Modifications Eric Dalci. Cigital. 2008-07-01. (External) updated Time_of_Introduction CWE Content Team. MITRE. 2008-09-08. (Internal) updated Common_Consequences, Relationships, Taxonomy_Mappings |
|
|
|||
