Description

Application error or warning messages may expose sensitive information about an application's internal workings to an attacker.

Acunetix found an error message that may disclose sensitive information. By requesting a specially crafted URL, Acunetix generated an ASP.NET error message. The message contains a complete stack trace and Microsoft .NET Framework version.

Remediation

Adjust the application's web.config to enable custom errors for remote clients (refer to 'Detailed information' section).

References

customErrors Element (ASP.NET Settings Schema)

Related Vulnerabilities

ASP.NET Cookieless session state enabled

Webmail weak password

Spring Boot Misconfiguration: H2 console enabled

WordPress Plugin Be POPIA Compliant Information Disclosure (1.1.5)

PHP open_basedir Is Not Configured

Severity

Medium

Classification

CWE-12 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Error Handling Information Disclosure