Description

The ASP.NET application trace is enabled. This file contains sensitive information such as Session ID values and physical path to the requested file.

Remediation

Remove this file from your website or change its permissions to remove access.

References

How to: Enable Tracing for an ASP.NET Application

Related Vulnerabilities

BottlePy weak secret key

JBoss JMX Console Unrestricted Access

Django Debug Toolbar

Apache Tomcat version older than 7.0.30

CodeIgniter development mode enabled

Severity

High

Classification

CWE-215 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Information Disclosure