Is there a vulnerability in the Scripts folder?

In my .NET web applications, I usually have a Scripts folder that contains all of my JavaScript files - mostly jQuery these days, plus a random JavaScript library of one kind or another.

I ran a vulnerability scan on one of my sites through a scanner called Nexpose, and it informed me that the Scripts folder is open to the whole world - this means that unauthenticated users can download the JavaScript files contained in this folder, and that this is a critical vulnerability. According to Nexpose, the Scripts folder should be restricted to allow access only to authorized users. This leads me to my first question.

How do I limit the Scripts folder to authenticated users only? I tried placing a web.config file in the Scripts folder to deny access to all users who had not authenticated, but this did not work. I could verify this myself by going to the site's login page without logging in and then typing https://mywebsite/scripts/menubar.js, which of course let me download the menubar.js file.

The second question is: why is this considered a vulnerability? I tried to reason my way through the possibilities here, but not much came to me. Is this a vulnerability simply because Joe l33t h4x0r can detect the various libraries that I use, and then possibly use known exploits against them?

Update

The overwhelming consensus in the answers seems to be that no vulnerability exists merely because the .js file can be opened and read in the client's browser. The only vulnerability that could exist would be if the developer somehow used the .js file in a way that creates one (which I do not know of).

+5
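As an added example (not from the original question or any answer), this is the kind of root web.config that actually makes an ASP.NET "deny anonymous" rule apply to the Scripts folder. The reason a web.config dropped into the Scripts folder alone does nothing is that on IIS 7+ in integrated mode the ASP.NET UrlAuthorization module carries a managedHandler precondition, so it never runs for static files such as .js that the StaticFile handler serves; the site name and the Scripts path below are assumed from the question, and the settings are standard IIS/ASP.NET configuration keys.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Added example: root web.config of the application (assumed layout from the question). -->
<configuration>
  <!-- ASP.NET URL authorization for the Scripts folder: "?" is the anonymous user. -->
  <location path="Scripts">
    <system.web>
      <authorization>
        <deny users="?" />
        <allow users="*" />
      </authorization>
    </system.web>
  </location>

  <system.webServer>
    <!-- Without this, UrlAuthorization only runs for requests handled by
         managed (ASP.NET) handlers, so anonymous users can still fetch
         /Scripts/menubar.js straight from the StaticFile handler.
         This setting must live at the application level; IIS does not
         accept it in a sub-folder web.config. -->
    <modules runAllManagedModulesForAllRequests="true" />
  </system.webServer>
</configuration>
```

A narrower variant, if forcing every managed module onto static requests is too heavy, is to re-register only the UrlAuthorization module in the `<modules>` section without its precondition. Either way, any script the login page itself loads must stay readable anonymously or the login page will break, which is the practical reason the answers below argue that restricting this folder buys nothing for an ordinary web application.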
5 answers

, , -. , , -, - .

: . , , -. , , - , .

, , ? JavaScript, Facebook . , , Bank of America Chase JavaScript. , JavaScript, .

, , , : , . , , , , JavaScript, . , .

+5

. / (Google, eBay, Amazon ..). .

, , - , . , , , .., , , , .

+2

. , ( ) .. Javascript, , , .

, , , .

+1

, . , , , CDN, - jQuery -inert-library - ( ), .js, . , , , "" js , (- ..), , ... ! ... ( - , , - ... lol)

+1

, , script, , - . , , . chmod 400 . Defense in Depth (DiD), , - - , . , , , , . , , , , . - javascript , , , , .

I can provide more detailed information on system security, if warranted.

+1
