| VID |
22466 |
| Severity |
20 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The Web server is running a version of the ASP.NET Framework which is enabled the HTTP DEBUG method. Microsoft .NET Framework could allow a remote attacker to send debug statements to arbitrary ASP scripts of the target Web server. A remote attacker could use this to alter the runtime of arbitrary ASP scripts.
* Platforms Affected:
Microsoft .NET Framework 1.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Windows Any version |
| Recommendation |
Make sure that DEBUG statements are disabled by modifying either the Web.config file or the Machine.config file, as listed in Microsoft Support Document 815157 at http://support.microsoft.com/kb/815157/en-us?spid=6351&sid=262 |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
