Description

The Global.asa file is an optional file in which you can specify event scripts and declare objects that have session or application scope. It is not for content that is displayed to clients; instead it stores event information and objects used globally by the application. This file must be named Global.asa (or Global.asax for ASP.NET) and must be stored in the root directory of the application.

Global.asa file is not normally accessible (the web server restricts access to this file). Acunetix found a backup for this file that is directly accessible. Global.asa file may contain sensitive information (such as database credentials, sensitive source code snippets) and it's recommended to restrict access to this file.

Remediation

Restrict access to this file or remove it from the website.

Related Vulnerabilities