Rapid7 Vulnerability & Exploit Database

ASP.NET debug feature enabled

Back to Search

ASP.NET debug feature enabled

Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
10/31/2007
Created
07/25/2018
Added
11/26/2007
Modified
06/20/2013

Description

The ASP.NET application is running in debug mode which allows a remote user to glean information about an application by using the DEBUG verb in an HTTP request. This can leak information including source code, hidden filenames, and detailed error messages.

Solution(s)

  • fix-http-asp-dot-net-debug-enabled

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;