Description

Application error or warning messages may expose sensitive information about an application's internal workings to an attacker.

Acunetix found an error message that may disclose sensitive information. By requesting a specially crafted URL, Acunetix generated an ASP.NET error message. The message contains a complete stack trace and Microsoft .NET Framework version.

Remediation

Adjust the application's web.config to enable custom errors for remote clients (refer to 'Detailed information' section).

References

ASP.NET CustomErrors Is Disabled | Invicti

Related Vulnerabilities

WordPress Plugin YaySMTP-Simple WP SMTP Mail Information Disclosure (2.2)

Jetty ConcatServlet Information Disclosure (CVE-2021-28169)

WordPress Plugin Pike Firewall Information Disclosure (1.4)

Multiple vulnerabilities in Ioncube loader-wizard.php

WordPress Plugin Simple History Information Disclosure (2.7.4)

Severity

Medium

Classification

CWE-12 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Error Handling Information Disclosure