| Details | |
|---|---|
| Alert ID | 10094-1 |
| Alert Type | Passive |
| Status | alpha |
| Risk | Informational |
| CWE | 319 |
| WASC | 13 |
| Technologies Targeted | All |
| Tags |
CWE-319 OWASP_2017_A03 OWASP_2021_A04 POLICY_PENTEST |
| More Info |
Scan Rule Help |
Summary
An ASP.NET ViewState was disclosed by the application/web server.
Solution
Manually confirm that the ASP.NET ViewState does not leak sensitive information, and that the data cannot be aggregated/used to exploit other vulnerabilities.Other Info
References
- https://learn.microsoft.com/en-us/previous-versions/bb386448(v=vs.140)
- https://projects.webappsec.org/w/page/13246936/Information%20Leakage