Source Code Disclosure - /WEB-INF folder

Reference
Plugin ID: 10045
CWE: 541
WASC: 34
Severity: High
Scan type: Active
Category: Information Disclosure

Remediation

  1. Configure web server: Ensure the web server is configured to deny access to the /WEB-INF folder and its contents.
  2. Directory restrictions: Implement proper directory access controls to prevent direct access to application files.
  3. Code obfuscation: Implement code obfuscation as an additional layer of defense for compiled Java classes.
  4. Security testing: Regularly test for exposed sensitive directories and files.
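One way to enforce remediation steps 1 and 2 in front of a Java application, as an added example that is not StackHawk's or any servlet container's code: a small WSGI middleware (hypothetical) that canonicalizes the request path the way a servlet container does before matching the WEB-INF segment, so that case differences, percent-encoding, backslashes, dot segments and path parameters do not slip past a naive string compare. It assumes only the Python standard library and a stub upstream app.

```python
import posixpath
from urllib.parse import unquote

# Directory names that must never be served directly; WEB-INF is the one this finding covers.
PROTECTED_DIRS = {"web-inf"}

def normalize_request_path(raw_path: str) -> str:
    """Canonicalize a request path the way a servlet container would before
    resolving the target, so the check sees what the container sees."""
    decoded = raw_path
    for _ in range(3):                      # undo double/triple percent-encoding
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    decoded = decoded.replace("\\", "/")    # treat backslashes as separators
    # drop servlet path parameters (";jsessionid=...") that containers strip
    segments = [seg.split(";", 1)[0] for seg in decoded.split("/")]
    return posixpath.normpath("/" + "/".join(segments).lstrip("/"))

def resolves_into_protected_dir(raw_path: str) -> bool:
    """True when the canonical path contains a WEB-INF segment (case-insensitive)."""
    segments = normalize_request_path(raw_path).split("/")
    return any(seg.lower() in PROTECTED_DIRS for seg in segments)

def deny_protected_dirs(app):
    """WSGI middleware (hypothetical front-end for a Java app) answering 404
    for anything that canonicalizes into WEB-INF, before the app sees it.
    Re-decoding an already-decoded PATH_INFO can only fail closed."""
    def wrapped(environ, start_response):
        if resolves_into_protected_dir(environ.get("PATH_INFO", "")):
            start_response("404 Not Found", [("Content-Type", "text/plain")])
            return [b"Not Found"]
        return app(environ, start_response)
    return wrapped

def status_for(path: str) -> str:
    """Helper: run one constructed request through the middleware over a stub app."""
    seen = {}
    def upstream(environ, start_response):
        start_response("200 OK", [("Content-Type", "text/html")])
        return [b"<html>ok</html>"]
    def start_response(status, headers):
        seen["status"] = status
    list(deny_protected_dirs(upstream)({"PATH_INFO": path}, start_response))
    return seen["status"]

if __name__ == "__main__":
    for p in ("/WEB-INF/web.xml", "/static/../web-inf/classes/App.class", "/index.jsp"):
        print(p, "->", status_for(p))
```

The same normalization can be applied to the path list a periodic check (step 4) requests, so the test covers the encoded and traversal forms, not only the literal /WEB-INF/web.xml.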

About

Source Code Disclosure in /WEB-INF folder occurs when Java class files in the WEB-INF directory are accessible via web requests. These class files can be decompiled to reveal source code that closely matches the original implementation, exposing business logic, credentials, and other sensitive information.

Risks

Severity: High

Exposure of Java class files can lead to complete source code disclosure, revealing business logic, hardcoded credentials, API keys, database connection strings, and other sensitive information that attackers can exploit.
