Webalizer script
- CWE 425
- WASC 34
The Webalizer is a fast, free web server log file analysis program. It produces highly detailed, easily configurable usage reports in HTML format, for viewing with a standard web browser.
It's recommended to restrict access to this directory as it may contain sensitive information (test scripts, administrative interfaces, session tokens sent via GET, etc). This kind of information may help an attacker to learn more about the structure of your website and can be used to conduct further attacks.
Remediation
Restrict (or password protect) the access to directory or make it accessible only on the local interface.
References
Go Back to List
Search Vulnerability
You may also see
- Readable .htaccess file
- apc.php page
- Webalizer script
- phpinfo page
- Apache perl-status Enabled
- Apache server-info Enabled
- Apache server-status Enabled
- JetBrains .idea project directory
- AWStats script
- elmah.axd Detected
- Core dump checker PHP script
- trace.axd Detected
- .DS_Store file
- Macromedia Dreamweaver database scripts
- Help file
- robots.txt Detected
- Sitemap Detected
- crossdomain.xml Detected
- Silverlight Client Access Policy
- Laravel log file
- Code Repository
- Configuration File
- Administration page
- Predictable Resource Location
- Code Repository
- Configuration File
- Administration page