Synopsis
Web.config File Information Disclosure
Description
An information disclosure vulnerability exists in the remote web server due to the disclosure of the web.config file. An unauthenticated, remote attacker can exploit this, via a simple GET request, to disclose potentially sensitive configuration information.
Solution
Ensure proper restrictions are in place, or remove the file if the file is not required.