CWE: CWE-11

CVE-2021-35235: ASP.NET Debug Feature Enabled

First published: Wed Oct 27 2021

The ASP.NET debug feature is enabled by default in Kiwi Syslog Server 9.7.2 and previous versions. ASP.NET allows remote debugging of web applications, if configured to do so. Debug mode causes ASP.NET to compile applications with extra information. The information enables a debugger to closely monitor and control the execution of an application. If an attacker could successfully start a remote debugging session, this is likely to disclose sensitive information about the web application and supporting infrastructure that may be valuable in targeting SWI with malicious intent.

Credit: psirt@solarwinds.com

Affected Software | Affected Version | How to fix
SolarWinds Kiwi Syslog Server | <=9.7.2 |

Remedy

SolarWinds advises Kiwi Syslog Server customers to upgrade to the latest version (9.8) once it becomes generally available.
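To check whether an ASP.NET application is configured with the debug setting this advisory describes, the following added example (not SolarWinds or SecAlerts code) audits a `web.config` for `<compilation debug="true">`, both site-wide and in `<location>` overrides. It assumes the standard ASP.NET configuration layout; the sample config is constructed, and the scope label `<site>` and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config; not taken from a Kiwi Syslog Server install.
SAMPLE_WEB_CONFIG = """\
<configuration>
  <system.web>
    <compilation debug="true" targetFramework="4.8" />
  </system.web>
  <location path="admin">
    <system.web><compilation debug="true" /></system.web>
  </location>
  <location path="static">
    <system.web><compilation debug="false" /></system.web>
  </location>
</configuration>
"""

def _children(node, tag):
    return [child for child in node if child.tag == tag]

def find_debug_scopes(config_xml):
    """Return the scopes whose <compilation> element has debug enabled.

    "<site>" is the top-level <system.web>; any other entry is the path
    attribute of a <location> override.
    """
    root = ET.fromstring(config_xml)
    scopes = [("<site>", root)]
    scopes += [(loc.get("path", ""), loc) for loc in _children(root, "location")]
    findings = []
    for name, node in scopes:
        for system_web in _children(node, "system.web"):
            for comp in _children(system_web, "compilation"):
                # A missing debug attribute means debug is off (the default).
                if comp.get("debug", "false").strip().lower() == "true":
                    findings.append(name)
    return findings

def disable_debug(config_xml):
    """Return the config text with every explicit debug attribute set to false."""
    root = ET.fromstring(config_xml)
    for comp in root.iter("compilation"):
        if "debug" in comp.attrib:
            comp.set("debug", "false")
    return ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    print("debug enabled in:", find_debug_scopes(SAMPLE_WEB_CONFIG))
    print("after fix:", find_debug_scopes(disable_debug(SAMPLE_WEB_CONFIG)))
```

Rewriting the file through ElementTree drops XML comments, so diff the output against the original before replacing a production `web.config`.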

Frequently Asked Questions

  • What is CVE-2021-35235?

    CVE-2021-35235 is a vulnerability in Kiwi Syslog Server 9.7.2 and previous versions where the ASP.NET debug feature is enabled by default, allowing remote debugging of web applications.

  • How does CVE-2021-35235 affect Kiwi Syslog Server?

    CVE-2021-35235 affects Kiwi Syslog Server 9.7.2 and previous versions by enabling the ASP.NET debug feature by default, which can allow unauthorized access to debug web applications remotely.

  • How severe is CVE-2021-35235?

    CVE-2021-35235 is rated 'medium' severity, with a severity value of 5.3 out of 10.

  • What is the Common Weakness Enumeration (CWE) for CVE-2021-35235?

    The Common Weakness Enumeration (CWE) for CVE-2021-35235 is CWE-11, which relates to software configuration issues.

  • How can I fix CVE-2021-35235 in Kiwi Syslog Server?

    To fix CVE-2021-35235 in Kiwi Syslog Server, you should disable the ASP.NET debug feature by following the recommended steps provided by the vendor.
