Threat Encyclopedia



This indicates an attempt to access a sensitive file through HTTP requests.
The signature checks for these files:
/etc/passwd (List of local users)
/etc/shadow (List of users' passwords' hashes)
/etc/resolv.conf (Contains the current name servers, DNS, for the system. )
These files in Linux system store essential information regarding registered users. Access to these files is usually restricted.

Affected Products

All HTTP servers that are not properly configured.


Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

Recommended Actions

Monitor the traffic from that network for any suspicious activity.
Restrict access to the files.