Description

An ASP.NET diagnostic page was found in this directory. Usually, such files are installed by developers to help them in testing their code or debug various parts of the application. This page discloses a lot of potentially sensitive information, such as: the list of environment variables, trace information, request details, list of server variables.

It's recommended to restrict access to this file.

Remediation

Adjust web.config to deny access to this entity without proper authorization.

<location path="dump.aspx">
  <system.web>
    <authorization>
      <allow roles="Admin" />
      <deny users="*" />
    </authorization>
  </system.web>
</location>

References

ASP.NET Diagnostic page to dump ASP.NET and Environment configuration

Related Vulnerabilities

Cookies with Secure flag set over insecure connection

WordPress Plugin Gallery-Flagallery Photo Portfolio Information Disclosure (4.24)

WordPress 4.8.x Multiple Vulnerabilities (4.8 - 4.8.22)

Struts 2 Config Browser plugin enabled

WordPress Plugin Forums 'url' Parameter Arbitrary File Disclosure (1.4.3)

Severity

Medium

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Information Disclosure