Description

Application error or warning messages may expose sensitive information about an application's internal workings to an attacker.

Acunetix found an error message that may disclose sensitive information. By requesting a specially crafted URL, Acunetix generated an ASP.NET error message. The message contains a complete stack trace and Microsoft .NET Framework version.

Remediation

Adjust the application's web.config to enable custom errors for remote clients (refer to 'Detailed information' section).

References

customErrors Element (ASP.NET Settings Schema)

Related Vulnerabilities

WordPress Plugin WebP Express Arbitrary File Disclosure (0.14.10)

Nginx PHP code execution via FastCGI

Node.js Web Application does not handle uncaughtException

WordPress Plugin wptf-image-gallery Arbitrary File Download (1.0.3)

SharePoint user enumeration

Severity

Medium

Classification

CWE-12 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Error Handling Information Disclosure