GEN:SID | 1:1660 |
Message | WEB-IIS trace.axd access |
Summary | This event is generated when an attempt is made to trace previous web requests on the vulnerable server.
|
Impact | Information gathering. This attack may permit viewing sensitive information such as Session ID values and the paths associated with the web requests.
|
Detailed Information | Microsoft ASP.NET is software used for developing web applications. It may have tracing enabled to view the previous 50 web requests to the server. An attacker may view sensitive information such as Session ID values and the paths associated with the previous web requests.
|
Affected Systems | |
Attack Scenarios | An attacker can attempt to access the traced requests to gather information.
|
Ease of Attack | Easy.
|
Corrective Action | Set <trace enabled="false" /> in web.config
|
Additional References | Nessus http://cgi.nessus.org/plugins/dump.php3?id=10993
|
Rule References | nessus: 10993
|
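The corrective action can be checked offline by auditing web.config for any `<trace>` element that still enables tracing, including one re-enabled inside a `<location>` block. This is an added example, not part of the rule documentation: the function name `audit_trace` and the sample configurations are constructed for illustration, and it assumes the file declares no XML namespace on `<configuration>`.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config contents (not taken from any real site).
TRACING_ON = """<configuration><system.web>
  <trace enabled="true" localOnly="false" requestLimit="50" />
</system.web></configuration>"""

TRACING_OFF = """<configuration><system.web>
  <trace enabled="false" />
</system.web></configuration>"""

# Root is safe, but a <location> block turns tracing back on for one path.
LOCATION_OVERRIDE = """<configuration>
  <system.web><trace enabled="false" /></system.web>
  <location path="admin">
    <system.web><trace enabled="true" /></system.web>
  </location>
</configuration>"""


def audit_trace(config_xml):
    """Return one finding per <system.web>/<trace> element that enables tracing."""
    root = ET.fromstring(config_xml)
    parents = {child: parent for parent in root.iter() for child in parent}
    findings = []
    for system_web in root.iter("system.web"):
        trace = system_web.find("trace")
        # Compare case-insensitively so an unusual spelling is still flagged.
        if trace is None or trace.get("enabled", "false").strip().lower() != "true":
            continue
        # Walk up to find an enclosing <location path="..."> if there is one.
        scope, node = "(site root)", system_web
        while node in parents:
            node = parents[node]
            if node.tag == "location":
                scope = node.get("path", "(no path)")
                break
        # ASP.NET defaults localOnly to true; "false" serves trace.axd to remote clients.
        remote = trace.get("localOnly", "true").strip().lower() == "false"
        findings.append({"scope": scope, "remote": remote})
    return findings


if __name__ == "__main__":
    for name in ("TRACING_ON", "TRACING_OFF", "LOCATION_OVERRIDE"):
        print(name, audit_trace(globals()[name]))
```

An empty result means no `<system.web>` section in the file enables tracing; a finding with `remote` set is the case this rule's traffic would actually reach.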