trace.axd Detected

  • CWE 425
  • WASC 34

Application-level tracing enables trace log output for every page within an application. When the trace element is enabled for remote users (localOnly="false"), any user can view a detailed list of recent requests to the application simply by browsing to the page trace.axd.

Remediation

Check the trace element in web.config and ensure that the enabled attribute is set to false and/or the localOnly attribute is set to true.

<trace enabled="false" localOnly="true" />
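
The check described above can be automated across configuration files. The following is an added example, not part of the original advisory: it reports the effective trace setting for the root <system.web> section and for each <location> override, applying the ASP.NET defaults (enabled is false and localOnly is true when the attribute is absent). The sample web.config is constructed, the function names are hypothetical, and the file is assumed to carry no XML namespace.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config (not from a real application).
SAMPLE = """<configuration>
  <system.web>
    <trace enabled="true" localOnly="false" pageOutput="false" />
  </system.web>
  <location path="admin">
    <system.web>
      <trace enabled="true" />
    </system.web>
  </location>
  <location path="reports">
    <system.web>
      <trace enabled="false" localOnly="false" />
    </system.web>
  </location>
</configuration>"""

def _flag(elem, name, default):
    """Read a boolean attribute; a missing attribute takes the ASP.NET default."""
    value = elem.get(name)
    return default if value is None else value.strip().lower() == "true"

def audit_trace(config_xml):
    """Return (scope, verdict) for every <trace> element in a web.config string."""
    root = ET.fromstring(config_xml)
    # <system.web> sits under <configuration> or inside <location path="...">.
    scopes = [("(root)", root)]
    scopes += [(loc.get("path", "."), loc) for loc in root.findall("location")]
    findings = []
    for scope, node in scopes:
        for trace in node.findall("system.web/trace"):
            enabled = _flag(trace, "enabled", False)      # default: false
            local_only = _flag(trace, "localOnly", True)  # default: true
            if not enabled:
                verdict = "disabled"
            elif local_only:
                verdict = "local-only"
            else:
                verdict = "remote-exposed"  # trace.axd readable by any client
            findings.append((scope, verdict))
    return findings

if __name__ == "__main__":
    for scope, verdict in audit_trace(SAMPLE):
        print(f"{scope}: {verdict}")
```

Only the "remote-exposed" verdict corresponds to the finding on this page; a <location> override can reintroduce it even when the root setting is safe.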