Description

A possible backup file was found on your web-server. These files are usually created by developers to backup their work.

Remediation

Remove the file(s) if they are not required on your website. As an additional step, it is recommended to implement a security policy within your organization to disallow creation of backup files in directories accessible from the web.

References

Testing for Old, Backup and Unreferenced Files (OWASP-CM-006)

Security Tips for Server Configuration

Protecting Confidential Documents at Your Site

Related Vulnerabilities

WordPress Plugin All-in-One WP Migration Information Disclosure (7.0)

Atlassian Confluence Stored Cross Site Scripting

ASP.NET application-level tracing enabled

Stack Trace Disclosure (Python)

Grails database console

Severity

High

Classification

CWE-538 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

Tags

Information Disclosure Test Files