CWE-12 – ASP.NET Misconfiguration: Missing Custom Error Page | Common Weakness Enumeration (CWE)

Overview

CWE-12 (ASP.NET Misconfiguration: Missing Custom Error Page) documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.

Security impact: Security impact: Depends on product and context; use CVE records, severity scores, and MITRE guidance to prioritize.

Description

An ASP .NET application must enable custom error pages in order to prevent attackers from mining information from the framework's built-in responses.

Background details

Extended context from the CWE catalog (rendered from MITRE XHTML).

The mode attribute of the <customErrors> tag defines whether custom or default error pages are used.

Applicable platforms

Kind	Name	Class	Prevalence	OS / CPE
language	ASP.NET	—	Undetermined	—

Related CVEs in this database

These CVEs are mapped to this weakness in this database and kept for traceability and search.

CVE	Published	Summary
CVE-2020-6994	2020-04-03	A buffer overflow vulnerability was found in some devices of Hirschmann Automation and Control HiOS and HiSecOS. The vulnerability is due to improper parsing of URL arguments. An attacker could exploi…

Previous names

ASP.NET Misconfiguration: Missing Custom Error Handling (2009-03-10)

Content submission

Name: 7 Pernicious Kingdoms
Date: 2006-07-19
Version: Draft 3

Content modifications

Date	Name	Version	Importance	Comment
2008-07-01	Eric Dalci	1.0	—	updated References, Demonstrative_Example, Potential_Mitigations, Time_of_Introduction
2008-09-08	CWE Content Team	1.0	—	updated Relationships, Other_Notes, References, Taxonomy_Mappings
2008-10-14	CWE Content Team	1.0.1	—	updated Relationships
2008-11-24	CWE Content Team	1.1	—	updated Common_Consequences, Other_Notes, Potential_Mitigations
2009-03-10	CWE Content Team	1.3	—	updated Name, Relationships
2009-07-27	CWE Content Team	1.5	—	updated Background_Details, Common_Consequences, Other_Notes
2011-06-01	CWE Content Team	1.13	—	updated Common_Consequences
2011-06-27	CWE Content Team	2.0	—	updated Common_Consequences
2012-05-11	CWE Content Team	2.2	—	updated Demonstrative_Examples, Relationships
2012-10-30	CWE Content Team	2.3	—	updated Potential_Mitigations
2013-02-21	CWE Content Team	2.4	—	updated Potential_Mitigations
2014-07-30	CWE Content Team	2.8	—	updated Relationships
2017-11-08	CWE Content Team	3.0	—	updated Demonstrative_Examples, Potential_Mitigations, References, Relationships
2020-02-24	CWE Content Team	4.0	—	updated References, Relationships
2023-04-27	CWE Content Team	4.11	—	updated Relationships
2023-06-29	CWE Content Team	4.12	—	updated Mapping_Notes
2025-09-09	CWE Content Team	4.18	—	updated References
2025-12-11	CWE Content Team	4.19	—	updated Weakness_Ordinalities