CVE-2015-1648 Information

Description

ASP.NET in Microsoft .NET Framework 1.1 SP1 2.0 SP2 3.5 3.5.1 4 4.5 4.5.1 and 4.5.2 when the customErrors configuration is disabled allows remote attackers to obtain sensitive configuration-file information via a crafted request aka \ASP.NET Information Disclosure Vulnerability.\

Reference

http://www.securitytracker.com/id/1032116 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-041