How can a "robots.txt" lead to a CVSS of 5.0 in case it does not disclose any path and is present because
a) not trigger error-logs
b) not respond with HTML error pages

___________________________________________________

Low (CVSS: 5.0)
NVT: robot(s).txt exists on the Web Server (OID: 1.3.6.1.4.1.25623.1.0.10302)

Summary:
Some Web Servers use a file called /robot(s).txt to make search engines and any other indexing tools visit their WebPages more frequently and more efficiently.

Vulnerability Insight:
By connecting to the server and requesting the /robot(s).txt file, an attacker may gain additional information about the system they are attacking. Such information as, restricted directories, hidden directories, cgi script directories and etc. Take special care not to tell the robots not to index sensitive directories, since this tells attackers exactly which of your directories are sensitive.

The file 'robots.txt' contains the following:
User-agent: *
Disallow:

--
Reindl Harald
the lounge interactive design GmbH
A-1060 Vienna, Hofmühlgasse 17
CTO / CISO / Software-Development
m: +43 (676) 40 221 40, p: +43 (1) 595 3999 33
icq: 154546673, http://www.thelounge.net/

http://www.thelounge.net/signature.asc.what.htm
_______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
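
Added example, not part of the original post and not OpenVAS code: a small triage check that parses a robots.txt and lists only the rules that actually name a path, which is the information the NVT text above warns about. The function name and the LEAKY sample file are constructed for illustration; POSTED is the file content quoted in the scan report.

```python
# Added example: triage a robots.txt for path disclosure (not OpenVAS code).

def disclosed_paths(robots_txt):
    """Return [(user_agent, directive, path)] for rules that name a specific path.

    An empty "Disallow:" (allow everything) and a bare "/" (whole site) reveal
    no directory names, so they are not reported.
    """
    findings = []
    agents = []          # user-agents of the group currently being read
    in_rules = False     # True once the current group has had a rule line
    for raw in robots_txt.lstrip("\ufeff").splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if ":" not in line:
            continue
        field, value = (part.strip() for part in line.split(":", 1))
        field = field.lower()                 # field names are case-insensitive
        if field == "user-agent":
            if in_rules:                      # a new group starts here
                agents, in_rules = [], False
            agents.append(value)
        elif field in ("disallow", "allow"):
            in_rules = True
            if value not in ("", "/", "/*", "*"):
                # Rules outside any group are still readable, so report them as "*".
                for agent in agents or ["*"]:
                    findings.append((agent, field, value))
    return findings


# The file from the scan report above: one group, empty Disallow.
POSTED = "User-agent: *\nDisallow:\n"

# Constructed sample, not from the post: a file that does name directories.
LEAKY = """\
User-agent: *
Disallow: /admin/      # constructed path
Disallow: /backup/     # constructed path
Allow: /

User-agent: ExampleBot
Disallow: /staging/
"""

if __name__ == "__main__":
    for name, body in (("posted", POSTED), ("leaky", LEAKY)):
        hits = disclosed_paths(body)
        print(name, "discloses paths" if hits else "discloses nothing", hits)
```
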
