I ran the Qualys scan on one of our websites and got the Path-Based Vulnerability on a lot of media pages with .ashx extension.
Anyone visiting the website should be able to access the media that is rendered by the urls that are identified as vulnerable. The pages are created with .ashx extension to allow for flexibility to change the media without having to change the links.
Can you please help me understand what do I need to do to fix of the vulnerability? Not all the .ashx media page were identified so I am wondering something must be different about these pages but cannot identify what.
Any help I can get is greatly appreciated.