Summary

Acunetix 360 identified a Microsoft IIS log file with potentially sensitive content.

Impact

Depending on the content of the file, an attacker might discover hidden directories and files.

Remediation

Configure your web server to prevent public access to the directory / page by implementing access control mechanisms.

Severity

Low

Classification

PCI v3.2-6.5.8 CAPEC-87 CWE-425 HIPAA-164.306(a) 164.308(a) ISO27001-A.18.1.3 WASC-34 OWASP 2013-A7 OWASP 2017-A5