| Details | |
|---|---|
| Alert ID | 40029 |
| Alert Type | Active |
| Status | release |
| Risk | Medium |
| CWE | 215 |
| WASC | 13 |
| Technologies Targeted |
Db / Microsoft SQL Server Language / ASP OS / Windows WS / IIS |
| Tags |
OWASP_2017_A06 OWASP_2021_A05 WSTG-V42-CONF-05 |
| More Info |
Scan Rule Help |
Summary
The ASP.NET Trace Viewer (trace.axd) was found to be available. This component can leak a significant amount of valuable information.
Solution
Consider whether or not Trace Viewer is actually required in production, if it isn't then disable it. If it is then ensure access to it requires authentication and authorization.Other Info
References
- https://msdn.microsoft.com/en-us/library/bb386420.aspx
- https://msdn.microsoft.com/en-us/library/wwh16c6c.aspx
- https://www.dotnetperls.com/trace