General Information

Predictable Resource Location Enumeration

Variants:
Direct 

Vector Type:
Attack

Relevance:
Generic

Layer:
Web-Infrastructure-Level

Platforms:
Any

Target Type:
Web Application

Affected Mechanisms:
Hardening

Invented In:
01/01/1995

Added In:
03/12/2014


Vector Operation Method:
Functionality implemented in Hidden, dormant and unnecessary files found in predictable locations could be accessed by attackers that guess their URL address. May include content such as Default pages, code version control content, sequential file and directory names, administrative URLs, etc. Intentionally separated from the Old, backup and unreferenced files category due to multiple separate plugin implementations in scanners and slightly different detection techniques.


Direct Variant:

Predictable Resource Location Enumeration

Variant Title:
Predictable Resource Location Enumeration

Typical Severity:
Medium

Resources:

White Papers:

Learn More: