VYPR

CWE-12

ASP.NET Misconfiguration: Missing Custom Error Page

VariantDraft

Description

An ASP .NET application must enable custom error pages in order to prevent attackers from mining information from the framework's built-in responses.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (1)

  • CVE-2021-40978Oct 7, 2021
    risk 0.00cvss epss 0.15

    The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain :sensitive information. NOTE: the vendor has disputed this as described in https://github.com/mkdocs/mkdocs/issues/2601.] and…