5 vulnerabilities classified as CWE-219 (Sensitive Data Under Web Root). AI Chinese analysis included.
CWE-219 represents a critical configuration weakness where sensitive data, such as credentials or private keys, is inadvertently stored within the web server’s document root directory. This vulnerability typically arises when developers place non-public files in accessible directories without implementing strict access controls or proper server configuration. Attackers exploit this oversight by directly requesting the file’s URL through a web browser or automated tool, bypassing application-level security checks to retrieve confidential information. To prevent this, developers must segregate sensitive data from publicly accessible web content, storing such files outside the document root entirely. Additionally, configuring web servers to deny direct access to specific file types or directories, and employing robust access control mechanisms, ensures that only authorized application logic can interact with protected resources, thereby mitigating the risk of unauthorized disclosure.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-56159 | Server source code is exposed to the public if sourcemaps are enabled — astro | 7.5 | - | 2024-12-19 |
| CVE-2024-39776 | Avtec Outpost Storage of File with Sensitive Data Under Web Root — Outpost 0810 | 7.5 | High | 2024-08-22 |
| CVE-2023-39467 | Triangle MicroWorks SCADA Data Gateway certificate Information Disclosure Vulnerability — SCADA Data Gateway | 7.5 | - | 2024-05-03 |
| CVE-2022-36306 | Airspan AirVelocity 1500 Security Vulnerability — AirVelocity | 6.5 | - | 2022-08-16 |
| CVE-2022-21236 | Reolink Rlc-410W Information Disclosure Vulnerability — n/a | 7.5 | - | 2022-01-28 |
Vulnerabilities classified as CWE-219 (Sensitive Data Under Web Root) represent 5 CVEs. The CWE taxonomy describes the weakness; review the individual CVEs for product-specific impact.