Back to CWE list
CWE-12
ASP.NET Misconfiguration: Missing Custom Error Page
Variant
Draft
Description
An ASP .NET application must enable custom error pages in order to prevent attackers from mining information from the framework's built-in responses.
Parent Weaknesses (ChildOf)
Common Consequences
Scope
Confidentiality
Impact
Read Application Data
Potential Mitigations
System Configuration
Handle exceptions appropriately in source code. ASP .NET applications should be configured to use custom error pages instead of the framework default page.
Architecture and Design
Do not attempt to process an error or attempt to mask it.
Implementation
Verify return values are correct and do not supply sensitive information about the system.
Applicable Platforms
ASP.NET
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now