Hi,
Below files are found which are getting stored in the temp file
build/tmp/gwt/widgetset/com.widgets.CustomWidgetSet
• VAADIN/vaadinBootstrap.js.gz
• VAADIN/vaadinPush.debug.js.gz
• VAADIN/widgetsets/CustomWidgetSet.nocache.js.gz
**Threat Description**: An attacker can gain sensitive information about the site architecture,
database and network access credential details, encryption keys, and so forth from these files.
The attacker can use information obtained to craft precise targeted attacks, which may not
otherwise be feasible, against the application.
**Recommendation**:
· Webroot Security Policy: Implement a security policy that prohibits storage of backup files in
Webroot.
· Temporary Files: Many tools and editors automatically create temporary files or backup files in
the Webroot. Be careful when editing files on a production server to avoid inadvertently leaving a
backup or temporary copy of the file(s) in the webroot.
· Default Installations: Often, a lot of unnecessary files and folders are installed by default. For
instance, IIS installations include demo applications. Be sure to remove any files or folders that
are not required for application to work properly.
· Development Backup: Source code back up should not be stored and left available on the webroot.
Further QA can include test cases to look for the presence of backup files in the webroot to
ensure none are left in publicly accessible folders of the web application.
If these files are necessary so kindly provide some justification so that we can close this or if we can secure this files please provide if any steps.