bugcrowd / vulnerability-rating-taxonomy

Bugcrowd’s baseline priority ratings for common security vulnerabilities
https://bugcrowd.com/vrt
Apache License 2.0

Server-side Language and Configured Sensitive Data Blank Files > Disclosure of Secrets > For Publicly Accessible Assets #402

Closed galactghost closed 10 months ago

galactghost commented 11 months ago

Hi, I have found files which are sensitive but blank because some are written in a server-side language and some are configured, but these can be accessed on the websites. All of these can be misconfigured in a way that exposes sensitive info. I have reported this vulnerability but its status was changed to Not Applicable. These files can impact the company and others if they have any of these files. I want to add the title vulnerability to the VRT, or some other title you have in mind. I have provided a proof of concept, steps to reproduce, and enough impact, but the vulnerability status was changed to Not Applicable.

TimmyBugcrowd commented 10 months ago

Hi galactghost,

Unfortunately we cannot make any changes to the VRT with what you're suggesting, because the VRT already has an entry for sensitive files being disclosed, as you can see, and without sensitive information being shown, N/A is appropriate.
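The distinction TimmyBugcrowd draws (a reachable file is only a "Disclosure of Secrets" finding when the response actually contains secrets) is easy to encode as a triage check. The script below is an added example written for this page; it is not Bugcrowd's code, not part of the VRT, and not from either participant. It classifies a fetched response for a candidate path as not exposed, exposed but carrying no secrets (the N/A case), or secrets disclosed, and flags when a server-side file is being served as raw source. The candidate path list, the secret-detection regexes and the sample responses are all constructed for this example and are assumptions, not a Bugcrowd or VRT list.

```python
"""Triage helper for "sensitive file reachable on a public asset" reports.

Added example. Applies the VRT-style distinction: a reachable config file
with no secret content is not a disclosure; one whose body contains
credential-like material is. Evidence records *what kind* of secret was
seen and where, never the secret itself, so the triage output is safe to
paste into a ticket.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Representative candidate paths (assumption: an illustrative list, not the VRT's).
CANDIDATE_PATHS = [".env", "config.php", "wp-config.php", ".git/config", "settings.py"]

# Credential-like patterns, labelled so evidence can name the type without
# echoing the value. Constructed for this example.
SECRET_PATTERNS = [
    ("database password", re.compile(r"(?i)\b(DB_PASSWORD|DB_PASS|DATABASE_PASSWORD)\s*[=:]\s*\S+")),
    ("database password", re.compile(r"(?i)define\(\s*['\"]DB_PASSWORD['\"]\s*,\s*['\"][^'\"]+['\"]\s*\)")),
    ("API/secret key", re.compile(r"(?i)\b(API_KEY|SECRET_KEY|AWS_SECRET_ACCESS_KEY)\s*[=:]\s*\S+")),
    ("AWS access key id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("private key block", re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----")),
]


@dataclass
class Finding:
    path: str
    status: int
    verdict: str            # "not_exposed" | "exposed_no_secrets" | "secrets_disclosed"
    raw_source: bool = False  # True when a server-side file is served unexecuted
    evidence: list[str] = field(default_factory=list)  # labels + line numbers only


def classify(path: str, status: int, body: str) -> Finding:
    """Classify one response for a candidate path."""
    if status in (401, 403, 404) or status >= 500:
        return Finding(path, status, "not_exposed")
    text = body.strip()
    if not text:
        # Typical for config.php executed server-side: 200 but no output.
        # Reachable, but nothing is disclosed, i.e. the N/A case in the thread.
        return Finding(path, status, "exposed_no_secrets")
    # Assumption: a body starting with a PHP open tag means the file was
    # served as source rather than executed (the misconfiguration the
    # reporter is worried about).
    raw_source = text.startswith("<?php")
    evidence: list[str] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for label, pat in SECRET_PATTERNS:
            if pat.search(line):
                evidence.append(f"{label} (line {lineno})")
    verdict = "secrets_disclosed" if evidence else "exposed_no_secrets"
    return Finding(path, status, verdict, raw_source, evidence)


def triage(responses: dict[str, tuple[int, str]]) -> list[Finding]:
    """Classify a mapping of path -> (status, body), sorted by path."""
    return [classify(p, s, b) for p, (s, b) in sorted(responses.items())]


def reportable(findings: list[Finding]) -> list[str]:
    """Paths that would meet the 'sensitive information shown' bar."""
    return [f.path for f in findings if f.verdict == "secrets_disclosed"]


# Constructed sample responses standing in for live HTTP fetches.
SAMPLE_RESPONSES = {
    "config.php": (200, ""),                                   # executed, blank output
    "wp-config.php": (200, "<?php\ndefine('DB_NAME', 'shop');\n"
                           "define('DB_PASSWORD', 'hunter2');\n"),  # raw source + secret
    ".env": (200, "APP_ENV=production\nAPP_DEBUG=false\n"),     # reachable, nothing sensitive
    ".git/config": (404, "Not Found"),
    "settings.py": (200, "DEBUG = False\nSECRET_KEY = 'django-insecure-abc123'\n"),
}

if __name__ == "__main__":
    for f in triage(SAMPLE_RESPONSES):
        flag = " [raw source served]" if f.raw_source else ""
        print(f"{f.path:14} {f.status} {f.verdict}{flag} {f.evidence}")
    print("report:", reportable(triage(SAMPLE_RESPONSES)))
```

A blank `config.php` lands in `exposed_no_secrets`: reachable, but no disclosure, which is the outcome the thread describes. The `raw_source` flag is worth keeping in the report even when no secret matched, since an executed-vs-served mismatch is the precondition the reporter describes, but on its own it still does not meet the "sensitive information shown" bar.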