CWE-12: ASP.NET Misconfiguration: Missing Custom Error Page

An ASP .NET application must enable custom error pages in order to prevent attackers from mining information from the framework's built-in responses.

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Variant

Abstraction

MITRE classification

Overview

CWE-12 (ASP.NET Misconfiguration: Missing Custom Error Page) is a variant-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.

CWE-12: ASP.NET Misconfiguration: Missing Custom Error Page

Overview

Background

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

Code examples

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-12?

What CVEs are caused by CWE-12?

How do you prevent CWE-12?

What are the consequences of CWE-12?

Is CWE-12 actively exploited?

References

Stay ahead of CWE-12

Overview

Background

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

Code examples

Related weaknesses

Parent

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-12?

What CVEs are caused by CWE-12?

How do you prevent CWE-12?

What are the consequences of CWE-12?

Is CWE-12 actively exploited?

References

Stay ahead of CWE-12