Description

The ASP.NET application trace is enabled. This file contains sensitive information such as Session ID values and physical path to the requested file.

Remediation

Remove this file from your website or change its permissions to remove access.

References

How to: Enable Tracing for an ASP.NET Application

Related Vulnerabilities

WordPress Plugin Swim Team Arbitrary File Download (1.44.1077)

TorchServe Management API publicly exposed

WordPress Plugin User Meta Manager Information Disclosure (3.4.7)

PHP session.use_trans_sid enabled

WordPress Plugin Email Log Information Disclosure (1.9)

Severity

High

Classification

CWE-215 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Information Disclosure