2021年12月28日19:21:20评论132 views字数 1101阅读3分40秒阅读模式

CWE-530 将备份文件暴露给非授权控制范围

Exposure of Backup File to an Unauthorized Control Sphere

结构: Simple

Abstraction: Variant

状态: Incomplete

被利用可能性: unkown

基本描述

A backup file is stored in a directory that is accessible to actors outside of the intended control sphere.

扩展描述

Often, old files are renamed with an extension such as .~bk to distinguish them from production files. The source code for old files that have been renamed in this manner and left in the webroot can often be retrieved. This renaming may have been performed automatically by the web server, or manually by the administrator.

常见的影响

范围	影响	注释
Confidentiality	Read Application Data	At a minimum, an attacker who retrieves this file would have all the information contained in it, whether that be database calls, the format of parameters accepted by the application, or simply information regarding the architectural structure of your site.

可能的缓解方案

Policy

策略:

Recommendations include implementing a security policy within your organization that prohibits backing up web application source code in the webroot.

文章来源于互联网:scap中文网

左青龙
微信扫一扫

右白虎
微信扫一扫

CWE-530 将备份文件暴露给非授权控制范围

CWE-530 将备份文件暴露给非授权控制范围

Exposure of Backup File to an Unauthorized Control Sphere

基本描述

扩展描述

相关缺陷

常见的影响

可能的缓解方案

Policy

View-999: Weaknesses without Software Fault Patterns

View-884: CWE Cross-section

View-868: Weaknesses Addressed by the SEI CERT C++ Coding Standard (2016 Version)

View-844: Weaknesses Addressed by The CERT Oracle Secure Coding Standard for Java (2011)

View-809: Weaknesses in OWASP Top Ten (2010)

View-800: Weaknesses in the 2010 CWE/SANS Top 25 Most Dangerous Programming Errors

View-750: Weaknesses in the 2009 CWE/SANS Top 25 Most Dangerous Programming Errors

View-734: Weaknesses Addressed by the CERT C Secure Coding Standard (2008)

View-711: Weaknesses in OWASP Top Ten (2004)

View-709: Named Chains

发表评论

在线咨询

微信