Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Microsoft .NET Verbose Error Reporting Detection

Info

Synopsis

The remote host may give an attacker information useful for future attacks

Description

The remote .NET server has enabled verbose error reporting. By default, such reports are only accessible via localhost (127.0.0.1). If enabled, remote attackers can gain useful information for future attacks. Information displayed includes: source code, stack trace, physical path of the application, error codes, and more. In addition, there have been flaws in the way that .NET 'ValidateRequest' handles malicious inputs.

Solution

Disable verbose error reporting in .NET applications