CWE-12
ASP.NET Misconfiguration: Missing Custom Error Page
VariantDraft
Description
An ASP .NET application must enable custom error pages in order to prevent attackers from mining information from the framework's built-in responses.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (1)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-40978 | — | 0.00 | — | 0.15 | Oct 7, 2021 | The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain :sensitive information. NOTE: the vendor has disputed this as described in https://github.com/mkdocs/mkdocs/issues/2601.] and… |
- CVE-2021-40978Oct 7, 2021risk 0.00cvss —epss 0.15
The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain :sensitive information. NOTE: the vendor has disputed this as described in https://github.com/mkdocs/mkdocs/issues/2601.] and…