2 vulnerabilities classified as CWE-11 (ASP.NET误配置:创建Debug模式二进制). AI Chinese analysis included.
CWE-11 represents a configuration weakness where ASP.NET applications are deployed with debug binaries enabled in production environments. This misconfiguration exposes detailed internal system information, including stack traces, source code snippets, and variable states, which attackers exploit to map application architecture and identify specific vulnerabilities. By analyzing these verbose error messages, adversaries can plan targeted attacks such as SQL injection or remote code execution with greater precision. To prevent this risk, developers must ensure that the compilation mode is set to release rather than debug before deployment. Additionally, automated CI/CD pipelines should enforce strict configuration checks to guarantee that debug symbols and verbose logging are disabled in live environments, ensuring that sensitive operational data remains hidden from potential malicious actors.
<?xml version="1.0" encoding="utf-8" ?> <configuration> <system.web> <compilation defaultLanguage="c#" debug="true" /> ... </system.web> </configuration>| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-48008 | Dell RecoverPoint for Virtual Machines 安全漏洞 — RecoverPoint for Virtual Machines | 5.3 | Medium | 2024-12-13 |
| CVE-2021-35235 | ASP.NET Debug Feature Enabled — Kiwi Syslog Server | 5.3 | Medium | 2021-10-27 |
Vulnerabilities classified as CWE-11 (ASP.NET误配置:创建Debug模式二进制) represent 2 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.