CWE-12 - ASP.NET Misconfiguration: Missing Custom Error Page
- Abstraction:Variant
- Structure:Simple
- Status:Draft
- Release Date:2006-07-19
- Latest Modification Date:2023-06-29
Weakness Name
ASP.NET Misconfiguration: Missing Custom Error Page
Description
An ASP .NET application must enable custom error pages in order to prevent attackers from mining information from the framework's built-in responses.
Common Consequences
Scope: Confidentiality
Impact: Read Application Data
Notes: Default error pages gives detailed information about the error that occurred, and should not be used in production environments. Attackers can leverage the additional information provided by a default error page to mount attacks targeted on the framework, database, or other resources used by the application.