Test Methods (Detailed Overview)

Here is a list of every test performed by Web Scan Service.

Microsoft Active Server Pages Cookie Retrieval Issue

Remediation Task

Create Custom Error Pages

WASC Classification

Information Disclosure: Information Leakage

Affected Products

All Microsoft IIS web applications using ASP

Technical Description

It is possible to produce errors which may contain sensitive information about the application. When cookie values are corrupted to special values like "=", the ASP engine produces an error and sends it to the client's browser.

Fix Recommendation

A possible workaround is to configure the web server to send custom error pages whenever an error occurs. The custom error page should not contain information about the problem itself; it should only tell the customer which administrator to inform.
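One way to apply this recommendation, shown as an added example that is not part of the original test description: a site-level web.config for IIS 7 or later hosting classic ASP. The path /errors/500.htm is a hypothetical static page, and the example assumes the asp and httpErrors sections are unlocked for the site; if they are not, the same settings go in the server-level configuration.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Added example: suppress ASP error details and serve a custom error page. -->
<configuration>
  <system.webServer>
    <!-- Do not send script error details (file, line, description) to the
         browser; return only the generic message below. -->
    <asp scriptErrorSentToBrowser="false"
         scriptErrorMessage="An error occurred while processing your request. Please contact the site administrator." />

    <!-- errorMode="Custom": serve the custom page to every client, including
         requests made from the server itself.
         existingResponse="Replace": overwrite any error body the application
         has already produced. -->
    <httpErrors errorMode="Custom" existingResponse="Replace">
      <!-- subStatusCode -1 covers every 500.x sub-status. -->
      <remove statusCode="500" subStatusCode="-1" />
      <!-- /errors/500.htm is a hypothetical path; the page should name a
           contact and say nothing about the cause of the error. -->
      <error statusCode="500" subStatusCode="-1"
             path="/errors/500.htm" responseMode="ExecuteURL" />
    </httpErrors>
  </system.webServer>
</configuration>
```

To check the result, request a page with a cookie value set to "=" and confirm that the response body is the custom page and contains no ASP error text.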