Description

The web server has several virtual hosts. Due to an incorrect configuration of virtual hosts, files of one virtual host is located inside a directory of another one. Therefore, an attacker may access parts of the source code of your web application.

Remediation

Change vitrual hosts configuration, so each of them have a separate root directory

References

Apache Virtual Host documentation

Server Block Examples

Related Vulnerabilities

HTTP Strict Transport Security (HSTS) Errors and Warnings

ASP.NET Deny missing from authorization rule on location

Phusion Passenger Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-16355)

WordPress Plugin All in One SEO-Best WordPress SEO-Easily Improve SEO Rankings & Increase Traffic Information Disclosure (2.2.5.1)

OpenSSL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2178)

Severity

High

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Source Code Disclosure