Stack Trace Disclosure (ASP.NET)
Summary
Invicti identified a stack trace disclosure (ASP.NET) in the target web server's HTTP response.
Impact
An attacker can obtain information such as:
- ASP.NET version.
- Physical file path of temporary ASP.NET files.
- Information about the generated exception and possibly source code, SQL queries, etc.
Remediation
Apply the following changes to your web.config file to prevent information leakage by serving custom error pages in place of the default ASP.NET error page. Element names in web.config are case-sensitive, so the section must be written as system.web:

<configuration>
  <system.web>
    <!-- mode="On" replaces the detailed error page with the custom pages below for every client -->
    <customErrors mode="On" defaultRedirect="~/error/GeneralError.aspx">
      <error statusCode="403" redirect="~/error/Forbidden.aspx" />
      <error statusCode="404" redirect="~/error/PageNotFound.aspx" />
      <error statusCode="500" redirect="~/error/InternalError.aspx" />
    </customErrors>
  </system.web>
</configuration>
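To confirm the fix after deploying the configuration, a check like the following can be run against your own application's error responses. This is an added example, not Invicti's or Microsoft's code: it looks for the default ASP.NET error page and pulls out the three kinds of detail listed under Impact. The sample response, including its paths and version numbers, is constructed for the example.

```python
import re

# Constructed sample of the default ASP.NET error page as returned when
# customErrors is off. Paths, versions and exception text are made up.
SAMPLE_RESPONSE = """HTTP/1.1 500 Internal Server Error
Content-Type: text/html; charset=utf-8

<html><body>
<h1>Server Error in '/' Application.</h1>
<b>Exception Details:</b> System.NullReferenceException: Object reference not set to an instance of an object.
<b>Stack Trace:</b>
[NullReferenceException: Object reference not set to an instance of an object.]
   ASP.default_aspx.Page_Load(Object sender, EventArgs e) in c:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Temporary ASP.NET Files\\root\\1a2b3c4d\\5e6f7a8b\\App_Web_default.aspx.cs:42
<b>Version Information:</b> Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.8.4494.0
</body></html>
"""

# Markers that identify the default ASP.NET error page itself.
STACK_TRACE_MARKERS = ("Server Error in '", "<b>Stack Trace:</b>")

# One pattern per class of leaked information named under Impact.
PATTERNS = {
    "aspnet_version": re.compile(r"ASP\.NET Version:([\d.]+)"),
    "framework_version": re.compile(r"\.NET Framework Version:([\d.]+)"),
    "temp_file_path": re.compile(
        r"([A-Za-z]:\\[^\s:<]*Temporary ASP\.NET Files\\[^\s:<]*)"),
    "exception_type": re.compile(r"Exception Details:</b>\s*([\w.]+Exception)"),
}


def find_stack_trace_disclosure(body: str) -> dict:
    """Return the details leaked by one response body.

    An empty dict means no default ASP.NET error page was detected, which
    is the expected result once customErrors mode="On" is in place.
    """
    if not any(marker in body for marker in STACK_TRACE_MARKERS):
        return {}
    findings = {}
    for name, pattern in PATTERNS.items():
        match = pattern.search(body)
        if match:
            findings[name] = match.group(1)
    return findings


if __name__ == "__main__":
    for key, value in find_stack_trace_disclosure(SAMPLE_RESPONSE).items():
        print(f"{key}: {value}")
```

A custom error page that carries none of the markers yields an empty result, so the check doubles as a regression test for the web.config change.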
Classifications