1 vulnerabilities classified as CWE-12 (ASP.NET误配置:缺少定制错误页面). AI Chinese analysis included.
CWE-12 represents a configuration weakness in ASP.NET applications where the absence of custom error pages allows sensitive framework-generated responses to leak to end-users. Attackers typically exploit this vulnerability by triggering exceptions, such as invalid URLs or malformed requests, to force the server to return detailed stack traces, internal file paths, or database connection strings. These verbose error messages provide attackers with valuable reconnaissance data, facilitating further targeted attacks like SQL injection or directory traversal. To mitigate this risk, developers must explicitly configure the application’s web.config file to enable custom errors. This involves defining specific custom error pages for different HTTP status codes and ensuring that detailed error information is suppressed in production environments, thereby ensuring that users see only generic, non-revealing messages while the application logs the actual technical details securely for administrative review.
<customErrors mode="Off" /><customErrors mode="RemoteOnly" />| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2020-6994 | Belden HiOS 输入验证错误漏洞 — HiOS for the following devices RSP, RSPE, RSPS, RSPL, MSP, EES, EES, EESX, GRS, OS, RED | 9.8 | - | 2020-04-03 |
Vulnerabilities classified as CWE-12 (ASP.NET误配置:缺少定制错误页面) represent 1 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.