Common Weakness Enumeration

CWE-425

Allowed

Direct Request ('Forced Browsing')

Abstraction: Base · Status: Incomplete

The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

269 vulnerabilities reference this CWE, most recent first.

GHSA-RW74-237R-47CJ

Vulnerability from github – Published: 2022-05-24 19:17 – Updated: 2024-09-10 18:30
VLAI
Details

Mitsubishi Electric SmartRTU devices allow remote attackers to obtain sensitive information (directory listing and source code) via a direct request to the /web URI.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-16060"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-425"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-10-15T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "Mitsubishi Electric SmartRTU devices allow remote attackers to obtain sensitive information (directory listing and source code) via a direct request to the /web URI.",
  "id": "GHSA-rw74-237r-47cj",
  "modified": "2024-09-10T18:30:41Z",
  "published": "2022-05-24T19:17:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16060"
    },
    {
      "type": "WEB",
      "url": "https://drive.google.com/open?id=1QMHwTnBbIqrTkR0NEpnTKssYdi8vRsHH"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/164538/Mitsubishi-Electric-INEA-SmartRTU-Source-Code-Disclosure.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RWP9-5G7Q-73Q3

Vulnerability from github – Published: 2026-01-07 12:31 – Updated: 2026-01-07 19:31
VLAI
Summary
OpenFlagr contains an authentication bypass vulnerability in the HTTP middleware
Details

OpenFlagr versions prior to and including 1.1.18 contain an authentication bypass vulnerability in the HTTP middleware. Due to improper handling of path normalization in the whitelist logic, crafted requests can bypass authentication and access protected API endpoints without valid credentials. Unauthorized access may allow modification of feature flags and export of sensitive data.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/openflagr/flagr"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.0.0-20251009103504-fe83dc87aa40"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-0650"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-306",
      "CWE-425"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-01-07T19:31:31Z",
    "nvd_published_at": "2026-01-07T12:17:07Z",
    "severity": "CRITICAL"
  },
  "details": "OpenFlagr versions prior to and including 1.1.18 contain an authentication bypass vulnerability in the HTTP middleware. Due to improper handling of path normalization in the whitelist logic, crafted requests can bypass authentication and access protected API endpoints without valid credentials. Unauthorized access may allow modification of feature flags and export of sensitive data.",
  "id": "GHSA-rwp9-5g7q-73q3",
  "modified": "2026-01-07T19:31:31Z",
  "published": "2026-01-07T12:31:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0650"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openflagr/flagr/commit/fe83dc87aa404a57554aa5839ac450f55c203570"
    },
    {
      "type": "WEB",
      "url": "https://dreyand.rs/code%20review/golang/2026/01/03/0day-speedrun-openflagr-less-1118-authentication-bypass"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openflagr/flagr"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openflagr/flagr/releases/tag/1.1.19"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/openflagr-authentication-bypass-via-prefix-whitelist-path-normalization"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "OpenFlagr contains an authentication bypass vulnerability in the HTTP middleware"
}

GHSA-V7VQ-3X77-87VG

Vulnerability from github – Published: 2022-06-16 23:10 – Updated: 2022-06-16 23:10
VLAI
Summary
Token bruteforcing.
Details

Impact

What kind of vulnerability is it? Who is impacted?

Authenticated requests to the notebook server with ContentsManager.allow_hidden = False only prevented listing the contents of hidden directories, not accessing individual hidden files or files in hidden directories (i.e. hidden files were 'hidden' but not 'inaccessible'). This could lead to notebook configurations allowing authenticated access to files that may reasonably be expected to be disallowed.

Because fully authenticated requests are required, this is of relatively low impact. But if a server's root directory contains sensitive files whose only protection from the server is being hidden (e.g. ~/.ssh while serving $HOME), then any authenticated requests could access files if their names are guessable. Such contexts also necessarily have full access to the server and therefore execution permissions, which also generally grants access to all the same files. So this does not generally result in any privilege escalation or increase in information access, only an additional, unintended means by which the files could be accessed.

Patches

Has the problem been patched? What versions should users upgrade to?

notebook 6.4.12

Workarounds

Is there a way for users to fix or remediate the vulnerability without upgrading?

  • Do not run the notebook server in a directory with hidden files, use subdirectories
  • Use a custom ContentsManager with additional checks for self.is_hidden(path) prior to completing actions

References

Are there any links users can visit to find out more?

For more information

If you have any questions or comments about this advisory: * Open an issue in example link to repo * Email us at example email address

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "notebook"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.4.12"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-29238"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-425"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-06-16T23:10:10Z",
    "nvd_published_at": "2022-06-14T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n_What kind of vulnerability is it? Who is impacted?_\n\nAuthenticated requests to the notebook server with `ContentsManager.allow_hidden = False` only prevented listing the contents of hidden directories, not accessing individual hidden files or files in hidden directories (i.e. hidden files were \u0027hidden\u0027 but not \u0027inaccessible\u0027). This could lead to notebook configurations allowing authenticated access to files that may reasonably be expected to be disallowed.\n\nBecause fully authenticated requests are required, this is of relatively low impact. But if a server\u0027s root directory contains sensitive files whose only protection from the server is being hidden (e.g. `~/.ssh` while serving $HOME), then any authenticated requests could access files if their names are guessable. Such contexts also necessarily have full access to the server and therefore execution permissions, which also generally grants access to all the same files. So this does not generally result in any privilege escalation or increase in information access, only an additional, unintended _means_ by which the files could be accessed.\n\n### Patches\n_Has the problem been patched? What versions should users upgrade to?_\n\nnotebook 6.4.12\n\n### Workarounds\n_Is there a way for users to fix or remediate the vulnerability without upgrading?_\n\n- Do not run the notebook server in a directory with hidden files, use subdirectories\n- Use a custom ContentsManager with additional checks for `self.is_hidden(path)` prior to completing actions\n\n### References\n_Are there any links users can visit to find out more?_\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [example link to repo](http://example.com)\n* Email us at [example email address](mailto:example@example.com)\n",
  "id": "GHSA-v7vq-3x77-87vg",
  "modified": "2022-06-16T23:10:10Z",
  "published": "2022-06-16T23:10:10Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/jupyter/notebook/security/advisories/GHSA-v7vq-3x77-87vg"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29238"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jupyter/notebook"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/notebook/PYSEC-2022-212.yaml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Token bruteforcing."
}

GHSA-V97W-VR8H-FVMM

Vulnerability from github – Published: 2025-10-05 06:30 – Updated: 2025-10-05 06:30
VLAI
Details

A flaw has been found in Frappe LMS 2.35.0. Impacted is an unknown function of the file /files/ of the component Assignment Picture Handler. This manipulation causes direct request. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitability is considered difficult. The exploit has been published and may be used. It is advisable to upgrade the affected component. The vendor was informed early about a total of four security issues and confirmed that those have been fixed. However, the release notes on GitHub do not mention them.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-11280"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-425"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-05T04:15:35Z",
    "severity": "MODERATE"
  },
  "details": "A flaw has been found in Frappe LMS 2.35.0. Impacted is an unknown function of the file /files/ of the component Assignment Picture Handler. This manipulation causes direct request. The attack may be initiated remotely. The attack\u0027s complexity is rated as high. The exploitability is considered difficult. The exploit has been published and may be used. It is advisable to upgrade the affected component. The vendor was informed early about a total of four security issues and confirmed that those have been fixed. However, the release notes on GitHub do not mention them.",
  "id": "GHSA-v97w-vr8h-fvmm",
  "modified": "2025-10-05T06:30:14Z",
  "published": "2025-10-05T06:30:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11280"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/0xHamy/beb840a754f50a7ee6500600147a6ac1"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/0xHamy/beb840a754f50a7ee6500600147a6ac1#steps-to-reproduce"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.327014"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.327014"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.659694"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-V994-GGF7-GPJ5

Vulnerability from github – Published: 2022-05-24 16:51 – Updated: 2024-04-04 01:22
VLAI
Details

eClass platform < ip.2.5.10.2.1 allows an attacker to use GETS method to request /admin page to bypass the password validation and access management page.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-9884"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284",
      "CWE-425"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-07-25T17:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "eClass platform \u003c ip.2.5.10.2.1 allows an attacker to use GETS method to request /admin page to bypass the password validation and access management page.",
  "id": "GHSA-v994-ggf7-gpj5",
  "modified": "2024-04-04T01:22:58Z",
  "published": "2022-05-24T16:51:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9884"
    },
    {
      "type": "WEB",
      "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201904004"
    },
    {
      "type": "WEB",
      "url": "https://zeroday.hitcon.org/vulnerability/ZD-2019-00332"
    },
    {
      "type": "WEB",
      "url": "http://surl.twcert.org.tw/b7jfz"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VC3P-78QC-H4M8

Vulnerability from github – Published: 2022-05-01 02:01 – Updated: 2025-01-16 21:30
VLAI
Details

Wordpress 1.5 and earlier allows remote attackers to obtain sensitive information via a direct request to files in (1) wp-content/themes/, (2) wp-includes/, or (3) wp-admin/, which reveal the path in an error message.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2005-1688"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-425"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2005-05-20T04:00:00Z",
    "severity": "MODERATE"
  },
  "details": "Wordpress 1.5 and earlier allows remote attackers to obtain sensitive information via a direct request to files in (1) wp-content/themes/, (2) wp-includes/, or (3) wp-admin/, which reveal the path in an error message.",
  "id": "GHSA-vc3p-78qc-h4m8",
  "modified": "2025-01-16T21:30:54Z",
  "published": "2022-05-01T02:01:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-1688"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=111661517716733\u0026w=2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VG8H-HXWQ-MX5R

Vulnerability from github – Published: 2024-07-28 00:30 – Updated: 2024-07-28 00:30
VLAI
Details

A vulnerability classified as problematic has been found in Netgear WN604 up to 20240719. Affected is an unknown function of the file siteSurvey.php. The manipulation leads to direct request. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272556. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-7153"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-425"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-27T22:15:01Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability classified as problematic has been found in Netgear WN604 up to 20240719. Affected is an unknown function of the file siteSurvey.php. The manipulation leads to direct request. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272556. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-vg8h-hxwq-mx5r",
  "modified": "2024-07-28T00:30:33Z",
  "published": "2024-07-28T00:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7153"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.272556"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.272556"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.377056"
    },
    {
      "type": "WEB",
      "url": "https://wiki.shikangsi.com/post/share/e8a2a0a0-5e72-4bb1-8805-cf155a89f583"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-VH6H-77MP-JG82

Vulnerability from github – Published: 2022-05-24 19:19 – Updated: 2022-07-29 00:00
VLAI
Details

The Simple Download Monitor WordPress plugin before 3.9.6 saves logs in a predictable location, and does not have any authentication or authorisation in place to prevent unauthenticated users to download and read the logs containing Sensitive Information such as IP Addresses and Usernames

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-24695"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-425"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-11-08T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "The Simple Download Monitor WordPress plugin before 3.9.6 saves logs in a predictable location, and does not have any authentication or authorisation in place to prevent unauthenticated users to download and read the logs containing Sensitive Information such as IP Addresses and Usernames",
  "id": "GHSA-vh6h-77mp-jg82",
  "modified": "2022-07-29T00:00:50Z",
  "published": "2022-05-24T19:19:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-24695"
    },
    {
      "type": "WEB",
      "url": "https://wpscan.com/vulnerability/d7bdaf2b-cdd9-4aee-b1bb-01728160ff25"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VJ5P-C5RG-HM3W

Vulnerability from github – Published: 2024-02-02 03:30 – Updated: 2024-02-02 03:30
VLAI
Details

IBM PowerSC 1.3, 2.0, and 2.1 fails to properly restrict access to a URL or resource, which may allow a remote attacker to obtain unauthorized access to application functionality and/or resources. IBM X-Force ID: 275115.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-50935"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-425"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-02T02:15:17Z",
    "severity": "MODERATE"
  },
  "details": "IBM PowerSC 1.3, 2.0, and 2.1 fails to properly restrict access to a URL or resource, which may allow a remote attacker to obtain unauthorized access to application functionality and/or resources.  IBM X-Force ID:  275115.\n\n",
  "id": "GHSA-vj5p-c5rg-hm3w",
  "modified": "2024-02-02T03:30:32Z",
  "published": "2024-02-02T03:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50935"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/275115"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7113759"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VJ9R-PQP4-6MXR

Vulnerability from github – Published: 2025-12-28 21:30 – Updated: 2025-12-28 21:30
VLAI
Details

A weakness has been identified in PbootCMS up to 3.2.12. Impacted is an unknown function of the file /data/pbootcms.db of the component SQLite Database. Executing manipulation can lead to files or directories accessible. It is possible to launch the attack remotely. Attacks of this nature are highly complex. The exploitability is considered difficult. The exploit has been made available to the public and could be exploited. Modifying the configuration settings is advised.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-15153"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-425"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-28T21:15:54Z",
    "severity": "MODERATE"
  },
  "details": "A weakness has been identified in PbootCMS up to 3.2.12. Impacted is an unknown function of the file /data/pbootcms.db of the component SQLite Database. Executing manipulation can lead to files or directories accessible. It is possible to launch the attack remotely. Attacks of this nature are highly complex. The exploitability is considered difficult. The exploit has been made available to the public and could be exploited. Modifying the configuration settings is advised.",
  "id": "GHSA-vj9r-pqp4-6mxr",
  "modified": "2025-12-28T21:30:25Z",
  "published": "2025-12-28T21:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15153"
    },
    {
      "type": "WEB",
      "url": "https://note-hxlab.wetolink.com/share/ALC1iSa8J56A"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.338531"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.338531"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.719814"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Mitigation
Architecture and Design Operation

Apply appropriate access control authorizations for each access to all restricted URLs, scripts or files.

Mitigation
Architecture and Design

Consider using MVC based frameworks such as Struts.

CAPEC-127: Directory Indexing

An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.

CAPEC-143: Detect Unpublicized Web Pages

An adversary searches a targeted web site for web pages that have not been publicized. In doing this, the adversary may be able to gain access to information that the targeted site did not intend to make public.

CAPEC-144: Detect Unpublicized Web Services

An adversary searches a targeted web site for web services that have not been publicized. This attack can be especially dangerous since unpublished but available services may not have adequate security controls placed upon them given that an administrator may believe they are unreachable.

CAPEC-668: Key Negotiation of Bluetooth Attack (KNOB)

An adversary can exploit a flaw in Bluetooth key negotiation allowing them to decrypt information sent between two devices communicating via Bluetooth. The adversary uses an Adversary in the Middle setup to modify packets sent between the two devices during the authentication process, specifically the entropy bits. Knowledge of the number of entropy bits will allow the attacker to easily decrypt information passing over the line of communication.

CAPEC-87: Forceful Browsing

An attacker employs forceful browsing (direct URL entry) to access portions of a website that are otherwise unreachable. Usually, a front controller or similar design pattern is employed to protect access to portions of a web application. Forceful browsing enables an attacker to access information, perform privileged operations and otherwise reach sections of the web application that have been improperly protected.