Alert group Development configuration file
A configuration file (e.g. Vagrantfile, Gemfile, Rakefile, ...) was found in this directory. This file may
expose sensitive information that could help a malicious user to prepare more advanced attacks. It's
recommended to remove or restrict access to this type of files from production systems.
Recommendations Remove or restrict access to all configuration files acessible from internet.
composer.lock => Composer lock file. Composer is a dependency manager for PHP.
GET /w/composer.lock HTTP/1.1
Authorization: Basic YW5vbnltb3VzOmFub255bW91cw==
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Extremely low-level information disclosure of various configuration files are not typically considered vulnerabilities for FLOSS code such as MediaWiki, as said configuration files are publicly-available in various repositories. This is both known and intentional. Additionally, such files can often be deleted once MediaWiki has been installed and configured. A web server running MediaWiki can also be configured not to serve such files.