Summary
The ASP.NET web application running in the root
directory of this web server has application
tracing enabled. This would allow an attacker to
view the last 50 web requests made to this server, including sensitive information like Session ID values and the physical path to the requested file.
Solution
Set <trace enabled=false> in web.config
Severity
Classification
-
CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:C/I:N/A:N
Related Vulnerabilities
- Artifectx xClassified 'catid' SQL Injection Vulnerability
- AjaxPortal 'di.php' File Inclusion Vulnerability
- Ajax File and Image Manager 'data.php' PHP Code Injection Vulnerability
- Atutor AContent Multiple SQL Injection and XSS Vulnerabilities
- Atutor AChecker Multiple SQL Injection and XSS Vulnerabilities