Description

Application-level tracing enables trace log output for every page within an application. When the element is enabled for remote users (localOnly="false"), any user can view an detailed list of recent requests to the application simply by browsing to the page trace.axd.

Remediation

Check the element from web.config and ensure that enabled attribute is set to "False" and/or localOnly attribute is set to "true".

Example:

Related Vulnerabilities