CWE-12: ASP.NET Misconfiguration: Missing Custom Error Page
low-riskAn ASP .NET application must enable custom error pages in order to prevent attackers from mining information from the framework's built-in responses.
Abstraction: Variant
Common Consequences
Confidentiality
→
Read Application Data
Real-World Examples (1)
| CVE | CVSS | EPSS | KEV |
|---|---|---|---|
| CVE-2020-6994 | 9.8 | 0.1% | — |
0
/ 100
low-risk
Active Threat
0/50 · Minimal
Exploit Availability
0/50 · Minimal