ASP.NET ViewState Disclosure

Home/Alerts/Alert detail/

Risk:
Informational

Type:
Passive

CWE:
CWE-200

Summary: An ASP.NET ViewState was disclosed by the application/web server

Solution: Manually confirm that the ASP.NET ViewState does not leak sensitive information, and that the data cannot be aggregated/used to exploit other vulnerabilities.

References

https://learn.microsoft.com/en-us/previous-versions/bb386448(v=vs.140)

https://projects.webappsec.org/w/page/13246936/Information%20Leakage

Top Security News

New Ymir Ransomware Exploits Memory for Stealthy Attacks; Targets Corporate Networks

Hackers now use AppDomain Injection to drop CobaltStrike beacons

Attackers are exploiting 2 zero-days in Palo Alto Networks firewalls (CVE-2024-0012, CVE-2024-9474)

Urgent: Critical WordPress Plugin Vulnerability Exposes Over 4 Million Sites

Privileged Accounts, Hidden Threats: Why Privileged Access Security Must Be a Top Priority

Download: CIS Critical Security Controls v8.1

Researchers Warn of Privilege Escalation Risks in Google's Vertex AI ML Platform

PAN-OS Firewall Vulnerability Under Active Exploitation – IoCs Released

Common Alerts

InformationalContent-Type Header Empty

HighOut of Band XSS

MediumContent Security Policy (CSP) Header Not Set

InformationalPossible Username Enumeration

InformationalStorable and Cacheable Content

LowCookie Without Secure Flag

HighSpring4Shell

MediumHTTP to HTTPS Insecure Transition in Form Post

InformationalStorable but Non-Cacheable Content

InformationalHTTP Parameter Pollution

Top CVE List

CVE-2021-41277 Metabase GeoJSON API Local File Inclusion Vulnerability

CVE-2024-0012 Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability

CVE-2024-38812 VMware vCenter Server Heap-Based Buffer Overflow Vulnerability

CVE-2019-15949 Nagios XI Remote Code Execution Vulnerability

CVE-2024-9463 Palo Alto Networks Expedition OS Command Injection Vulnerability

CVE-2024-9474 Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability

CVE-2021-26858 Microsoft Exchange Server Remote Code Execution Vulnerability

CVE-2024-1212 Progress Kemp LoadMaster OS Command Injection Vulnerability

CVE-2024-38813 VMware vCenter Server Privilege Escalation Vulnerability

CVE-2024-9465 Palo Alto Networks Expedition SQL Injection Vulnerability

Top CWE List

CWE-1245 Improper Finite State Machines (FSMs) in Hardware Logic

HighCWE-805 Buffer Access with Incorrect Length Value

CWE-1072 Data Resource Access without Use of Connection Pooling

CWE-1091 Use of Object without Invoking Destructor Method

CWE-1174 ASP.NET Misconfiguration: Improper Model Validation

HighCWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-1191 On-Chip Debug and Test Interface With Improper Access Control

MediumCWE-190 Integer Overflow or Wraparound

LowCWE-262 Not Using Password Aging

CWE-36 Absolute Path Traversal

Free security scan for your website

Don't show website scan report rating on the leaderboard