Summary
The ASP.NET web application running in the root
directory of this web server has application
tracing enabled. This would allow an attacker to
view the last 50 web requests made to this server, including sensitive information like Session ID values and the physical path to the requested file.
Solution
Set <trace enabled=false> in web.config