Description
ELMAH (Error Logging Modules and Handlers) is an application-wide error logging facility that is completely pluggable. It can be dynamically added to a running ASP.NET web application, or even to all ASP.NET web applications on a machine, without any need for re-compilation or re-deployment. If ELMAH is not properly configured, the elmah.axd handler can be accessed without authorization. That handler's page lists every error message the web application has logged and may disclose sensitive information to an attacker.
Remediation
Adjust web.config so that elmah.axd is only reachable by authorized users, for example by adding a <location> element that allows a specific role and denies everyone else:

<location path="elmah.axd">
  <system.web>
    <authorization>
      <allow roles="Admin" />
      <deny users="*" />
    </authorization>
  </system.web>
</location>
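As an added example that is not part of the original page, the following Python check parses a web.config and verifies that the elmah.axd handler sits under a <location> block whose authorization rules end in a catch-all deny, with no earlier rule that lets anonymous or all users through. The two web.config fragments embedded in it are constructed for the example; the function name is hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config fragments (not from the original page): the first
# registers the handler but restricts nothing, the second applies the remediation.
WEAK_WEB_CONFIG = """<configuration>
  <system.web>
    <httpHandlers>
      <add verb="POST,GET,HEAD" path="elmah.axd" type="Elmah.ErrorLogPageFactory, Elmah" />
    </httpHandlers>
  </system.web>
</configuration>"""

HARDENED_WEB_CONFIG = """<configuration>
  <location path="elmah.axd">
    <system.web>
      <authorization>
        <allow roles="Admin" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>"""


def elmah_handler_restricted(web_config_xml: str, handler_path: str = "elmah.axd") -> bool:
    """Return True when web.config restricts the handler as the remediation describes.

    ASP.NET evaluates <allow>/<deny> rules in document order and applies the first
    match, so a <deny users="*"/> must be present and must not be preceded by an
    <allow users="*"/> (everyone) or <allow users="?"/> (anonymous) rule.
    """
    root = ET.fromstring(web_config_xml)
    for location in root.iter("location"):
        if location.get("path", "").lower() != handler_path.lower():
            continue
        authorization = next(location.iter("authorization"), None)
        if authorization is None:
            continue  # a <location> with no authorization rules restricts nothing
        for rule in authorization:
            users = rule.get("users", "")
            if rule.tag == "allow" and users in ("*", "?"):
                return False  # everyone / anonymous allowed before any deny
            if rule.tag == "deny" and users == "*":
                return True  # anyone not matched by an earlier allow is denied
    return False  # no <location> for the handler, or no catch-all deny


if __name__ == "__main__":
    print("weak config restricted:", elmah_handler_restricted(WEAK_WEB_CONFIG))
    print("hardened config restricted:", elmah_handler_restricted(HARDENED_WEB_CONFIG))
```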