trace.axd Detected
- CWE 425
- WASC 34
Application-level tracing enables trace log output for every page within an application. When the trace element is enabled for remote users (localOnly="false"), any user can view a detailed list of recent requests to the application simply by browsing to the page trace.axd.
Remediation
Check the trace element from web.config and ensure that enabled attribute is set to False and/or localOnly attribute is set to True.
<trace enabled="False" localonly="True"></trace>
Go Back to List
Search Vulnerability
You may also see
- Readable .htaccess file
- apc.php page
- Webalizer script
- phpinfo page
- Apache perl-status Enabled
- Apache server-info Enabled
- Apache server-status Enabled
- JetBrains .idea project directory
- AWStats script
- elmah.axd Detected
- Core dump checker PHP script
- trace.axd Detected
- .DS_Store file
- Macromedia Dreamweaver database scripts
- Help file
- robots.txt Detected
- Sitemap Detected
- crossdomain.xml Detected
- Silverlight Client Access Policy
- Laravel log file
- Code Repository
- Configuration File
- Administration page
- Predictable Resource Location
- Code Repository
- Configuration File
- Administration page