Details

Allowing compilation or scripting of database pages via the ‘PageParserPaths’ elements

can lead to disclosure of compilation error messages containing server info and source

code exposed to the user.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Do not allow compilation or scripting of database pages via the PageParserPaths elements
in Web.Config file

Impact:

Information Disclosure of server path, Operating system info and source code to the user
by compilation error messages.

Default Value:

By default, the tag in application wab.config file is empty.

Supportive Information

The following resource is also helpful.

• https://workbench.cisecurity.org/files/2395

This security hardening control applies to the following category of controls within NIST 800-53: System and Information Integrity.This control applies to the following type of system Windows.

References

• 800-53|SI-11a.
• CSCv6|18

Source

• Tenable.com/audits