Feature #272
open
Feature #235: [Security Audit Round 2 ]
[Security Audit Round 2 ] Improper Error Handling
Added by Kalyan Battula 12 months ago.
Updated 11 months ago.
Description
Improper Error Handling
observation : New
CWE : CWE-388
Description :
Application discloses various error messages including stack traces, exceptions, server versions, etc., in error messages.
Affected Path(s) :
/(Webserver)
Impact :
An adversary can use this information to construct further attacks.
Evidence/Proof Of Concept :
Step 1: Improper Error Handling as shown in the screenshot below.

Step 2: Improper Error Handling as shown in the screenshot below.

Kalyan Battula wrote:
Recommendation :
It is recommended to implement custom error pages and implement them throughout the application.
- Assignee set to Uday Kumar Dara
- Status changed from New to In Progress
- Target version set to Security Audit
- Status changed from In Progress to Resolved
- Status changed from Resolved to Ready for Prod
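
A regression check for this finding, as an added example that is not part of the ticket or the audited application: it scans one HTTP response for the three kinds of disclosure the description names (stack traces, exception names, server versions). The function name, patterns, header list and sample responses are assumptions constructed for illustration.

```python
import re

# Response headers that commonly carry product/version strings.
VERSION_HEADERS = {"server", "x-powered-by", "x-aspnet-version", "x-aspnetmvc-version"}
VERSION = re.compile(r"\d+(?:\.\d+)+")

# Stack-trace shapes for a few common runtimes (illustrative, not exhaustive).
STACK_TRACES = [
    re.compile(r"Traceback \(most recent call last\)"),                 # Python
    re.compile(r"^\s*at [\w.$<>]+\([\w.]+\.java:\d+\)", re.M),          # Java
    re.compile(r"^\s*at .+\(.*\) in .+:line \d+", re.M),                # .NET
    re.compile(r"(?:Fatal error|Warning|Notice): .+ on line \d+"),      # PHP
]
# Qualified or bare exception class names such as java.lang.NullPointerException.
EXCEPTION_NAME = re.compile(r"\b[\w.]+(?:Exception|Error)\b")
# Product banners printed in default error-page footers.
BANNER = re.compile(
    r"\b(?:Apache|nginx|Microsoft-IIS|Tomcat|Jetty|PHP|Express)[/ ]\d+(?:\.\d+)+", re.I)


def find_disclosures(status, headers, body):
    """Return sorted labels for information leaked by one HTTP response."""
    findings = set()
    for name, value in headers.items():
        if name.lower() in VERSION_HEADERS and VERSION.search(value):
            findings.add("version-header:" + name.lower())
    if status >= 400:  # only error responses are inspected for body leaks
        if any(p.search(body) for p in STACK_TRACES):
            findings.add("stack-trace")
        if EXCEPTION_NAME.search(body):
            findings.add("exception-name")
        if BANNER.search(body):
            findings.add("version-in-body")
    return sorted(findings)


# Constructed sample responses (status, headers, body); not taken from the audit.
LEAKY = (500, {"Server": "Apache-Coyote/1.1"},
         "<h1>HTTP Status 500</h1><pre>java.lang.NullPointerException: null\n"
         "\tat com.example.app.OrderServlet.doGet(OrderServlet.java:42)\n"
         "</pre><hr>Apache Tomcat/9.0.1")
CUSTOM = (500, {"Server": "webserver"},
          "<h1>Something went wrong</h1><p>Reference: 7f3a9c</p>")

if __name__ == "__main__":
    for label, resp in (("default error page", LEAKY), ("custom error page", CUSTOM)):
        print(label, "->", find_disclosures(*resp) or "no disclosure found")
```

Running it against the error responses of each affected path before and after the custom error pages are deployed shows whether the fix covers every handler, not just the one in the screenshots.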