Details
Allowing compilation or scripting of database pages via the ‘PageParserPaths’ elements can lead to disclosure of compilation error messages containing server info and source code exposed to the user.
Solution
Do not allow compilation or scripting of database pages via the PageParserPaths elements in Web.Config file
Impact:
Information Disclosure of server path, Operating system info and source code to the user by compilation error messages.
Default Value:
By default, the tag in application wab.config file is empty.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: System and Information Integrity.This control applies to the following type of system Windows.