CVE-2021-35235

Name of the Vulnerable Software and Affected Versions: Kiwi Syslog Server versions 9.7.2 and earlier

Description: The ASP.NET debug feature is enabled by default, allowing remote debugging of web applications if configured to do so. This debug mode compiles applications with extra information, enabling a debugger to closely monitor and control the execution of an application. If an attacker could successfully start a remote debugging session, this is likely to disclose sensitive information about the web application and supporting infrastructure that may be valuable in targeting systems with malicious intent.

Recommendations: For Kiwi Syslog Server versions 9.7.2 and earlier, consider disabling the ASP.NET debug feature to prevent potential remote debugging sessions and disclosure of sensitive information. As a temporary workaround, restrict access to the ASP.NET debug feature until a patch is available.