Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
ASP.NET application-level tracing enabled - Vulnerability Database

ASP.NET application-level tracing enabled

Description

Application-level tracing enables trace log output for every page within an application. When the <trace> element is enabled for remote users (localOnly="false"), any user can view an detailed list of recent requests to the application simply by browsing to the page trace.axd.

Remediation

Check the <strong>&lt;trace&gt;</strong> element from web.config and ensure that enabled attribute is set to <strong>&quot;False&quot;</strong> and/or localOnly attribute is set to <strong>&quot;true&quot;</strong>. <br/><br/> Example: &lt;trace enabled=&quot;False&quot; localOnly=&quot;True&quot;&gt;

References

ASP.NET Tracing Is Enabled | Invicti

Related Vulnerabilities

Trace.axd Detected High
Common tags: Configuration Information Disclosure
Error page path disclosure Low
Common tags: Configuration Information Disclosure
JBoss JMX Console Unrestricted Access High
Common tags: Configuration Information Disclosure
JBoss Web Console JMX Invoker High
Common tags: Configuration Information Disclosure
Tomcat status page Low
Common tags: Configuration Information Disclosure

Severity

Medium

Classification

CWE-215
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration
Information Disclosure