7.4 Ensure the SharePoint CallStack and AllowPageLevelTrace 'SafeMode' parameters are set to false - CallStack

Information

The CallStack and PageLevelTrace parameters are used when debugging a problem and
displays detailed additional information.

Rationale:

The detailed additional information provided by the CallStack and PageLevelTrace
parameters can be used by a malicious actor to gain sensitive information about the system
parameters and application.

Solution

Locate the Web.configfile in your application root directory and edit it.
Edit the following SafeMode entry in the Web.config file:

1. Edit parameter CallStack='false'.
2. Edit parameter AllowPageLevelTrace='false'.
3. Close the Web.config file and save it.

Impact:

System sensitive information can be compromised.

See Also

https://workbench.cisecurity.org/files/2395

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-11a., CSCv6|18.5

Plugin: Windows

Control ID: 2852ccde8a92be11a6b434c3d9be8df16806a9b6a3ad6552691a8a24a1b8763b