Details
Alert Id: 40029
Alert Type: Active
Status: release
Risk: Medium
CWE: 215
WASC: 13
Technologies Targeted: Db / Microsoft SQL Server; Language / ASP; OS / Windows; WS / IIS
Tags: OWASP_2017_A06, OWASP_2021_A05, WSTG-V42-CONF-05

Summary

The ASP.NET Trace Viewer (trace.axd) was found to be available. This component can leak a significant amount of valuable information.

Solution

Consider whether Trace Viewer is actually required in production. If it is not, disable it. If it is, ensure that access to it requires authentication and authorization.
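
The two remediations above, shown as a web.config fragment. This is an added example, not part of the ZAP documentation or the scan rule's code. The role name TraceAdmins is a placeholder, and the authorization block assumes the application already authenticates users and assigns roles.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Constructed example for illustration; adapt to the application's own web.config. -->
<configuration>
  <system.web>
    <!-- Weak setting that makes trace.axd reachable by remote clients:
         <trace enabled="true" localOnly="false" />
    -->

    <!-- Option 1: Trace Viewer is not required in production, so disable it.
         With enabled="false" the application no longer collects or serves trace data. -->
    <trace enabled="false" localOnly="true" />
  </system.web>

  <!-- Option 2: Trace Viewer is required. Replace the trace element above with the
       one below and add the location block, so that trace.axd is served only to
       authenticated users in a specific role (TraceAdmins is a placeholder).
       localOnly="true" additionally limits the viewer to requests made from the
       server itself.

  <system.web>
    <trace enabled="true" localOnly="true" requestLimit="10" />
  </system.web>

  <location path="trace.axd">
    <system.web>
      <authorization>
        <allow roles="TraceAdmins" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
  -->
</configuration>
```

After deploying either option, request /trace.axd from an unauthenticated remote client and confirm that the viewer is not returned.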

References

Code

org/zaproxy/zap/extension/ascanrules/TraceAxdScanRule.java