Hidden Directory Detected

Question

My company web application had a penetration testing done and there's a risk found is regarding the hidden directory:

I don't think there's any folder of that name in the application.

So, the question is where did all those folder come from? and how to mitigate this issue?

extra info: using Apache HTTP server on web server and Apache Tomcat on application server.

So then what HTTP response did the scanner get that makes it think there's something there? — Shane Madden, Jul 11 '14 at 04:28

score 0 · Answer 1 · answered Jul 11 '14 at 04:28

0

They are probably re-written addresses. Check your htaccess files and your website configuration files for rewrite rules or virtual directories.

answered Jul 11 '14 at 04:28

Mark Henderson

1 Answers1