IIS ASP.NET Application Trace Enabled Network Vulnerability

Summary

The ASP.NET web application running in the root directory of this web server has application tracing enabled. This would allow an attacker to view the last 50 web requests made to this server, including sensitive information like Session ID values and the physical path to the requested file.

Solution

Set <trace enabled=false> in web.config

Severity

Classification

CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:C/I:N/A:N

Related Vulnerabilities

ARRIS 2307 Unprotected Web Console
ASP-Dev XM Event Diary Multiple Vulnerabilities
AlienVault OSSIM SQL Injection and Remote Code Execution Vulnerabilities
Atlassian JIRA FishEye and Crucible Plugins XML Parsing Unspecified Security Vulnerability
AjaXplorer zoho plugin Directory Traversal Vulnerability

Take action and discover your vulnerabilities