Description
An ASP.NET diagnostic page was found in this directory. Usually, such files are installed by developers to help them in testing their code or debug various parts of the application. This page discloses a lot of potentially sensitive information, such as: the list of environment variables, trace information, request details, list of server variables.
It's recommended to restrict access to this file.
Remediation
Adjust web.config to deny access to this entity without proper authorization.
<location path="dump.aspx">
<system.web>
<authorization>
<allow roles="Admin" />
<deny users="*" />
</authorization>
</system.web>
</location>
References
Related Vulnerabilities
XWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2023-29517)
WordPress Plugin Social Network Tabs Information Disclosure (1.7.1)
WordPress Plugin Popup Maker-Popup for opt-ins, lead gen, & more Information Disclosure (1.8.11)
PrestaShop Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-5682)