ASP.NET ViewState Disclosure
- Risk:
Informational
- Type:
- Passive
- CWE:
- CWE-200
- Summary
An ASP.NET ViewState was disclosed by the application/web server
- Solution
Manually confirm that the ASP.NET ViewState does not leak sensitive information, and that the data cannot be aggregated/used to exploit other vulnerabilities.
- References
https://learn.microsoft.com/en-us/previous-versions/bb386448(v=vs.140)
https://projects.webappsec.org/w/page/13246936/Information%20Leakage
New FileFix attack uses cache smuggling to evade security software
Oracle silently fixes zero-day exploit leaked by ShinyHunters
North Korean Hackers Use EtherHiding to Hide Malware Inside Blockchain Smart Contracts
Another remotely exploitable Oracle EBS vulnerability requires your attention (CVE-2025-61884)
New Android Pixnapping attack steals MFA codes pixel-by-pixel
CVE-2025-54253 Adobe Experience Manager Forms Code Execution Vulnerability
CVE-2016-7836 SKYSEA Client View Improper Authentication Vulnerability
CVE-2025-6264 Rapid7 Velociraptor Incorrect Default Permissions Vulnerability
CVE-2025-59230 Microsoft Windows Improper Access Control Vulnerability
CVE-2025-24990 Microsoft Windows Untrusted Pointer Dereference Vulnerability
CVE-2025-47827 IGEL OS Use of a Key Past its Expiration Date Vulnerability
CVE-2025-27915 Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability
CVE-2025-61882 Oracle E-Business Suite Unspecified Vulnerability
CVE-2010-3765 Mozilla Multiple Products Remote Code Execution Vulnerability
InformationalInformation Disclosure - Suspicious Comments
InformationalRe-examine Cache-control Directives
Free online web security scanner