|
Family: CGI abuses --> Category: infos
Robots.txt Information Disclosure Vulnerability Scan
Vulnerability Scan Summary Checks for a web server's robots.txt
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a 'robots.txt' file.
Description :
The remote host contains a file named 'robots.txt' that is intended to
prevent web 'robots' from visiting certain directories in a web site for
maintenance or indexing purposes. A malicious user may also be able to
use the contents of this file to learn of sensitive documents or
directories on the affected site and either retrieve them directly or
target them for other attacks.
See also :
http://www.robotstxt.org/wc/exclusion.html
Solution :
Review the contents of the site's robots.txt file, use Robots META tags
instead of entries in the robots.txt file, and/or adjust the web
server's access controls to limit access to sensitive material.
Threat Level:
None
Click HERE for more information and discussions on this network vulnerability scan.
|