ASP.NET DEBUG Method Enabled

medium Nessus Plugin ID 33270

Synopsis

The DEBUG method is enabled on the remote host.

Description

It is possible to send debug statements to the remote ASP scripts. An attacker might use this to alter the runtime of the remote scripts.

Solution

Make sure that DEBUG statements are disabled or only usable by authenticated users.

See Also

http://www.nessus.org/u?2d999af3

Plugin Details

Severity: Medium

ID: 33270

File Name: asp_net_debug.nasl

Version: 1.18

Type: remote

Family: CGI abuses

Published: 6/27/2008

Updated: 7/17/2023

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: Score based on analysis of the vendor advisory.

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS Score Source: manual

CVSS v3

Risk Factor: Medium

Base Score: 4.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Vulnerability Information

CPE: cpe:/a:microsoft:asp.net

Patch Publication Date: 6/27/2008

Vulnerability Publication Date: 6/27/2008