Elmah Exposure

The elmah AXD log file was found.

  • logs
  • exposure

Elmah AXD is a file used by the elmah logging library. By default, it is exposed. This makes it available to anyone that knows the URL.

Impact

An attacker may be able to retrieve sensitive information such as cookie values, request parameters and other sensitive artifacts.

Solution

Do not expose elmah AXD file.

Was this page helpful?