Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
ASP.NET ASPX debugging enabled - Vulnerability Database

ASP.NET ASPX debugging enabled

Description

The ASP.NET application has debugging enabled in its compilation configuration. When debugging is enabled in production environments, detailed error messages, stack traces, and internal application information are exposed to end users. This configuration is intended only for development environments and should never be enabled in production systems.

Remediation

Disable debugging in the application's Web.config file by setting the debug attribute to false in the <compilation> element.

Locate the <system.web> section in your Web.config file and modify the compilation element as follows:

<system.web>
  <compilation debug="false" targetFramework="4.x" />
  <!-- other configuration settings -->
</system.web>

After making this change, restart the application pool or the web server to ensure the configuration takes effect. Verify that custom error pages are properly configured to display user-friendly error messages instead of detailed technical information.

References

ASP.NET Debugging Enabled | Invicti

Related Vulnerabilities

Trace.axd Detected High
Common tags: Configuration
Web Cache Poisoning through HTTP/2 pseudo-headers High
Common tags: Configuration
qdPM Information Disclosure High
Common tags: Configuration
Python Debugger Unauthorized Access Vulnerability High
Common tags: Configuration
Node.js Inspector Unauthorized Access Vulnerability High
Common tags: Configuration

Severity

Medium

Classification

CWE-11
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration