Severity: High
Netsparker detected a Server-Side Request Forgery based on pattern matching and confirmed the vulnerability using specific ELMAH related requests.
This vulnerability can cause highly sensitive data leaks on current sessions.
web.config
file to disable remote access to the Elmah:<appSettings>
<add key="elmah.mvc.requiresAuthentication" value="true" />
<add key="elmah.mvc.allowedRoles" value="Admin" />
</appSettings>