Description

One or more documentation files (e.g. readme.txt, changelog.txt, ...) were found. The information contained in these files could help an attacker identify the web application you are using and sometimes the version of the application. It's recommended to remove these files from production systems.

Remediation

Remove or restrict access to all documentation file acessible from internet.

References

INT08:2023 – Information Leakage

Related Vulnerabilities

Typo3 debug mode enabled

WordPress Plugin Log Emails Information Disclosure (1.0.6)

Yii debug mode enabled

WordPress Plugin Multi Plugin Installer Arbitrary File Disclosure (1.1.0)

Jetty Information Disclosure (CVE-2021-34429)

Severity

Low

Classification

CWE-538 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Test Files