Description

This web application is configured with the serviceDebug property includeExceptionDetailInFaults set to true. When configured this way, the WCF service will disclose exception details to clients.

Remediation

It's recommended to disable showing exception details to clients by setting the serviceDebug property includeExceptionDetailInFaults set to false. 

<serviceDebug includeExceptionDetailInFaults="false" />

References

IncludeExceptionDetailInFaults

Related Vulnerabilities

WordPress Plugin MiwoFTP-File & Folder Manager Arbitrary File Download (1.0.5)

WordPress Plugin wptf-image-gallery Arbitrary File Download (1.0.3)

WordPress Plugin U Extended Comment 'fileurl' Parameter Arbitrary File Download (1.0.1)

Insecure Referrer Policy

Spring Boot Misconfiguration: Developer tools enabled on production

Severity

Medium

Classification

CWE-16 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Information Disclosure Error Handling