DerScanner
Home / Vulnerability Database / Java : File disclosure
Java

Java : File disclosure

Classification

OWASP Top 10 2013
A4-Insecure Direct Object References
OWASP Top 10 2017
A5-Broken Access Control
OWASP Top 10 2021
A1-Broken Access Control
OWASP ASVS
Files and Resources
PCI DSS 4.0
6.2.4
HIPAA
§164.312 (a)(1)
CWE
CWE-1030

Overview

The application uses the method that causes a redirect with an unvalidated parameter from an untrusted source. This gives an attacker access to application binary files (including classes and jar files) and allows to view files in protected directories.

References

  1. OWASP Top 10 2017-A5-Broken Access Control
  2. CWE-552: Files or Directories Accessible to External Parties
  3. CWE-1030
MEDIUM

DerScanner Severity Score

Do you want to fix Java : File disclosure in your application?

See also

Java

Java : Race condition

Java

Java : Text4Shell Vulnerability

Java

Java : JNI usage