CWE-12 - ASP.NET Misconfiguration: Missing Custom Error Page

CWE-12

Abstraction:
Variant

Structure:
Simple

Status:
Draft

Weakness Name: ASP.NET Misconfiguration: Missing Custom Error Page

Description: An ASP .NET application must enable custom error pages in order to prevent attackers from mining information from the framework's built-in responses.

Common Consequences: Scope: Confidentiality
Impact: Read Application Data
Notes: Default error pages gives detailed information about the error that occurred, and should not be used in production environments. Attackers can leverage the additional information provided by a default error page to mount attacks targeted on the framework, database, or other resources used by the application.

Related Weaknesses: CWE-756Missing Custom Error Page

Release Date:
2006-07-19

Latest Modification Date:
2023-06-29

Free security scan for your website

Don't show website scan report rating on the leaderboard