ASP.NET diagnostic page

Description

An ASP.NET diagnostic page was found in this directory. Developers usually install such files to help them test their code or debug parts of the application. This page discloses a lot of potentially sensitive information, such as the list of environment variables, trace information, request details, and the list of server variables.

It's recommended to restrict access to this file.

Remediation

Adjust web.config to deny access to this entity without proper authorization.

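<!-- Place inside the <configuration> element of web.config. -->
<location path="dump.aspx">
  <system.web>
    <authorization>
      <!-- Rules are evaluated top to bottom; the first match wins. -->
      <allow roles="Admin" />
      <!-- Everyone not matched above, including anonymous users, is denied. -->
      <deny users="*" />
    </authorization>
  </system.web>
</location>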
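
To confirm that a deployed web.config really closes off the page, the check below (an added example, not part of the original advisory) models first-match evaluation of the `<allow>`/`<deny>` rules for `dump.aspx` and reports which non-admin identities still get through. It is a simplified model: the function names, the sample user "alice" and the role "Users" are assumptions, the `verbs` attribute and parent configuration files are ignored, and a request that matches no rule is treated as allowed.

```python
import xml.etree.ElementTree as ET

def _split(value):
    return [v.strip() for v in (value or "").split(",") if v.strip()]

def _rule_matches(rule, user, roles):
    # "*" matches everyone, "?" matches anonymous (unauthenticated) requests.
    for u in _split(rule.get("users")):
        if u == "*" or (u == "?" and user is None):
            return True
        if user is not None and u.lower() == user.lower():
            return True
    return any(r in roles for r in _split(rule.get("roles")))

def is_allowed(web_config, path, user=None, roles=()):
    """Simplified model: the first matching <allow>/<deny> decides."""
    root = ET.fromstring(web_config)
    for loc in root.iter("location"):
        if (loc.get("path") or "").lower() != path.lower():
            continue
        for rule in loc.findall("system.web/authorization/*"):
            if rule.tag in ("allow", "deny") and _rule_matches(rule, user, set(roles)):
                return rule.tag == "allow"
    return True  # assumption: no rule matched, inherited default allows

def exposure(web_config, path="dump.aspx"):
    """List the non-admin identities that can still reach the page."""
    found = []
    if is_allowed(web_config, path):
        found.append("anonymous")
    if is_allowed(web_config, path, user="alice", roles=["Users"]):
        found.append("authenticated non-admin")
    return found

def _cfg(rules):
    # Constructed sample input: wraps rules in a minimal web.config.
    return ('<configuration><location path="dump.aspx"><system.web>'
            f'<authorization>{rules}</authorization>'
            '</system.web></location></configuration>')

PAGE_CONFIG = _cfg('<allow roles="Admin" /><deny users="*" />')  # as recommended
NO_DENY = _cfg('<allow roles="Admin" />')    # missing the final deny
ANON_ONLY = _cfg('<deny users="?" />')       # blocks anonymous users only

if __name__ == "__main__":
    for name, cfg in [("page", PAGE_CONFIG), ("no-deny", NO_DENY), ("anon-only", ANON_ONLY)]:
        print(name, exposure(cfg) or "restricted to Admin")
```

The two weak variants show why the trailing `<deny users="*" />` matters: without it, requests that match no rule fall through to the permissive default.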

Tags
  • Configuration
  • Information Disclosure