Glossary
Improper Filesystem Permissions are a threat to the confidentiality, integrity, and availability of an application. The problem arises when incorrect filesystem permissions – such as read, write, modify, or execute – are set on files, folders, and symbolic links. These improper permissions allow an attacker to access restricted files or directories and modify or delete their contents.
Examples
1. The webserver account is incorrectly given write access to the server's index file, "default.asp." An attacker accessing the web page may be able to modify the contents of the "default.asp" file.
2. The webserver account is incorrectly given access to system files such as password files, password hashes, and critical operating system files. An attacker may access and modify those files through the webserver, for example when a directory traversal vulnerability is present.
3. The webserver account is incorrectly given script source access; an attacker may view the source code of the web application.
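
The following audit sketch is an added example, not part of the original glossary entry: it walks a web root and reports files or folders the webserver account can write to, plus symbolic links that resolve outside the web root. Assumptions: a POSIX host where only the classic owner/group/other mode bits matter (ACLs are ignored; on Windows/IIS the equivalent check reads NTFS ACLs), and the function names, the uid 33 and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

def access_bits(st, uid, gids):
    """Return the rwx bits (0-7) that POSIX mode bits grant to uid/gids.
    Assumption: ACLs, capabilities and root overrides are not considered."""
    if st.st_uid == uid:
        return (st.st_mode >> 6) & 7   # owner class
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7   # group class
    return st.st_mode & 7              # other class

def audit_webroot(root, uid, gids=()):
    """Walk root and return sorted (finding, relative_path) tuples for the account."""
    findings = []
    root_real = os.path.realpath(root)
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            st = os.lstat(path)  # lstat: inspect the link itself, never follow it
            if stat.S_ISLNK(st.st_mode):
                target = os.path.realpath(path)
                if os.path.commonpath([root_real, target]) != root_real:
                    findings.append(("symlink-escapes-root", rel))
                continue
            if access_bits(st, uid, gids) & 2:  # write bit set for this account
                kind = "writable-dir" if stat.S_ISDIR(st.st_mode) else "writable-file"
                findings.append((kind, rel))
    return sorted(findings)

def build_sample_tree():
    """Constructed sample web root: one correctly set file, one over-permissive
    file, and one symlink that points outside the web root."""
    root = tempfile.mkdtemp(prefix="webroot-")
    for name, mode in (("about.asp", 0o644), ("default.asp", 0o666)):
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("<% ' constructed sample page %>\n")
        os.chmod(path, mode)
    os.symlink(os.path.abspath(os.sep), os.path.join(root, "sysfiles"))
    return root

if __name__ == "__main__":
    WEB_UID = 33  # assumption: hypothetical uid of the webserver account
    for finding, rel in audit_webroot(build_sample_tree(), WEB_UID):
        print(f"{finding}: {rel}")
```

Any `writable-file` or `writable-dir` finding for the webserver account corresponds to example 1, and a `symlink-escapes-root` finding marks a path through which the account's access to system files (example 2) becomes reachable from served content.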