.htaccess File Detected
Summary
Invicti detected an exposed .htaccess file.
Impact
.htaccess files are human-readable configuration files for the Apache web server that can be used to override certain server configuration options on a per-directory basis.
If their contents are exposed, attackers can gain valuable insight into your server configuration and may read sensitive data that can aid them in further attacks.
Remediation
- Make sure that .htaccess files are not readable when you directly access them via your web browser.
- If possible, apply the configuration options within the virtual host configuration file and disable the use of .htaccess files.
  - This will not only enhance performance; it is also more secure and helps to avoid situations where an attacker can upload their own .htaccess file to the server.
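
Both remediation steps expressed as one virtual host, as an added example that is not part of the original advisory. It assumes Apache 2.4 with mod_rewrite loaded; the server name, the paths and the migrated rules are placeholders.

```apache
# Added example. www.example.com and /var/www/example are placeholders.
<VirtualHost *:80>
    ServerName www.example.com
    DocumentRoot "/var/www/example"

    # Refuse to serve .htaccess, .htpasswd and any other .ht* file,
    # wherever it sits under this virtual host.
    <FilesMatch "^\.ht">
        Require all denied
    </FilesMatch>

    <Directory "/var/www/example">
        # Ignore .htaccess files entirely: httpd stops looking for them
        # on every request, and an uploaded .htaccess has no effect.
        AllowOverride None

        Require all granted

        # Settings that previously lived in /var/www/example/.htaccess
        # are moved here. The rules below are constructed samples.
        Options -Indexes
        RewriteEngine On
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteCond %{REQUEST_FILENAME} !-d
        RewriteRule ^ index.php [L]
    </Directory>
</VirtualHost>
```

Validate the change with `apachectl configtest` before reloading, then request `/.htaccess` directly and confirm the server answers with 403 rather than the file contents.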