Skip to main content
Support

KB Article #161747

Script Directory Check Vulnerability

Problem

Script Directory Check – A directory was discovered that contains an object referenced in a post request or query string, and which has a name that could easily be guessed by an attacker.
 
CWE-284: Access Control (Authorization) Issues
http://cwe.mitre.org/data/definitions/284.html

CWE-200: Information Exposure
http://cwe.mitre.org/data/definitions/200.html

Resolution

Recommended fixes for this particular issue as per the report include:

· Restrict access to important files or directories only to those who actually need it. More information about implementing secure authentication schemes is listed below.
· Enforce consistent authentication across your entire application. Ensure authentication is applied to the entire directory structure, including sub-directories.

ST provides configuration option called Http.FdxAuthAliases that forces authentication upon resource directories html/ scripts/ and icons/. If they enable it user must be authenticated to access any of the files there.