Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
ASP.NET CustomErrors Is Disabled - Vulnerability Database

ASP.NET CustomErrors Is Disabled

Description

Application error or warning messages may expose sensitive information about an application's internal workings to an attacker.

Invicti found an error message that may disclose sensitive information. By requesting a specially crafted URL, Invicti generated an ASP.NET error message. The message contains a complete stack trace and Microsoft .NET Framework version.

Remediation

Adjust the application's <code>web.config</code> to enable custom errors for remote clients (refer to 'Detailed information' section).

References

ASP.NET CustomErrors Is Disabled | Invicti

Related Vulnerabilities

Error page web server version disclosure Information
Common tags: Configuration Error Handling Information Disclosure
ASP.NET error message Low
Common tags: Configuration Error Handling Information Disclosure
Error page path disclosure Low
Common tags: Configuration Error Handling Information Disclosure
Padding oracle attack High
Common tags: Configuration Error Handling Information Disclosure
ASP.NET WCF service include exception details Medium
Common tags: Configuration Error Handling Information Disclosure

Severity

Medium

Classification

CWE-12
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration
Error Handling
Information Disclosure