7.3 Ensure compilation or scripting of database pages via the PageParserPaths elements is not allowed

Information

Allowing compilation or scripting of database pages via the 'PageParserPaths' elements can lead to disclosure of compilation error messages containing server info and source code exposed to the user.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Do not allow compilation or scripting of database pages via the PageParserPaths elements in Web.Config file
Impact:
Information Disclosure of server path, Operating system info and source code to the user by compilation error messages.
Default Value:
By default, the tag in application wab.config file is empty.

See Also

https://workbench.cisecurity.org/files/2031

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-11a., CSCv6|18

Plugin: Windows

Control ID: 425c823dfd47f9754760de12e3af1b4c0fdc41b3fa46a8e3f26bb7a788634e33