TWA 0409

TWA-0409

Message

"Build file being served at: ${url}"

In the message output the variable ${url} is replaced by the served URL of the build file.

Explanation

Files of the build system (e.g. Docker compose, make, CMake) used to setup the web server or other applications running on the server should not be published by the web server. A possible attacker should not get information of the internal settings and structure of the web server and the web applications.

Current (August 2020) the twa script checks the files: 'Dockerfile', 'docker-compose.yml', 'Makefile' and 'CMakeLists.txt'.

Remediation

Configure the web server to not publish files with internal data.

There exists several configuration options to suppress files with name (pattern) in a blacklist or files not in whitelist. Search the web for examples.

Home
Codes
TWA-00YY
- TWA-0001
TWA-01YY
TWA-02YY
- TWA-0201
- TWA-0202
- TWA-0203
- TWA-0204
- TWA-0205
- TWA-0206
- TWA-0207
- TWA-0208
- TWA-0209
- TWA-0210
- TWA-0211
- TWA-0212
- TWA-0213
- TWA-0214
- TWA-0215
- TWA-0216
- TWA-0217
- TWA-0218
- TWA-0219
- TWA-0220
- TWA-0221
- TWA-0222
- TWA-0223
- TWA-0224
- TWA-0225
- TWA-0226
- TWA-0227
- TWA-0228
- TWA-0229
- TWA-0230
TWA-03YY
TWA-04YY
- TWA-0401
- TWA-0402
- TWA-0403
- TWA-0404
- TWA-0405
- TWA-0406
- TWA-0407
- TWA-0408
- TWA-0409
- TWA-0410
TWA-05YY
- TWA-0501
- TWA-0502
- TWA-0503
- TWA-0504
TWA-06YY
- TWA-0601
- TWA-0602
- TWA-0603
- TWA-0604
TWA-07YY
- TWA-0701
TWA-08YY
- TWA-0801
- TWA-0802
- TWA-0803
- TWA-0804
- TWA-0805
- TWA-0806
- TWA-0807
- TWA-0808
- TWA-0809
- TWA-0810
TWA-09YY
- TWA-0901

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

TWA 0409

TWA-0409

Message

Explanation

Remediation

Clone this wiki locally