Description

Application error or warning messages may expose sensitive information about an application's internal workings to an attacker.

Acunetix found an error message that may disclose sensitive information. By requesting a specially crafted URL, Acunetix generated an ASP.NET error message. The message contains a complete stack trace and Microsoft .NET Framework version.

Remediation

Adjust the application's web.config to enable custom errors for remote clients (refer to 'Detailed information' section).

References

customErrors Element (ASP.NET Settings Schema)

Related Vulnerabilities

WordPress Plugin Stop User Enumeration Cross-Site Scripting (1.3.7)

Adobe ColdFusion 9 administrative login bypass

WordPress default administrator account

WordPress Plugin Product Subtitle For WooCommerce Arbitrary File Disclosure (4.1)

GraphQL Non-JSON Mutations over GET: Potential CSRF Vulnerability

Severity

Medium

Classification

CWE-12 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Error Handling Information Disclosure