Details

The CallStack and PageLevelTrace parameters are used when debugging a problem and displays detailed additional information.

Rationale:

The detailed additional information provided by the CallStack and PageLevelTrace parameters can be used by a malicious actor to gain sensitive information about the system parameters and application.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Locate the Web.configfile in your application root directory and edit it.
Edit the following SafeMode entry in the Web.config file:
1. Edit parameter CallStack=’false’.
2. Edit parameter AllowPageLevelTrace=’false’.
3. Close the Web.config file and save it.
Impact:
System sensitive information can be compromised.

Supportive Information

The following resource is also helpful.

• https://workbench.cisecurity.org/files/2031

This security hardening control applies to the following category of controls within NIST 800-53: System and Information Integrity.This control applies to the following type of system Windows.

References

• 800-53|SI-11a.
• CSCv6|18.5

Source

• Tenable.com/audits