CVE-2015-1648

Name of the Vulnerable Software and Affected Versions ASP.NET in Microsoft .NET Framework versions 1.1 SP1 through 4.5.2

Description An information disclosure issue exists due to improper handling of certain requests when custom error messages are disabled. This could allow an attacker to view parts of a web configuration file, potentially exposing sensitive information.

Recommendations For ASP.NET in Microsoft .NET Framework versions 1.1 SP1 through 4.5.2, enable custom error messages to prevent information disclosure. Consider restricting access to sensitive configuration files as an additional mitigation measure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.