Summary

Acunetix 360 identified a Programming Error Message.

Impact

The error message may disclose sensitive information and this information can be used by an attacker to mount new attacks or to enlarge the attack surface. Source code, stack trace, etc. data may be disclosed. Most of these issues will be identified and reported separately by Acunetix 360.

Remediation

Do not provide error messages on production environments. Save error messages with a reference number to a backend storage such as a log, text file or database, then show this number and a static user-friendly error message to the user.

Severity

Low

Classification

PCI v3.2-6.5.5 CAPEC-118 CWE-210 HIPAA-164.306(a) 164.308(a) ISO27001-A.18.1.3 WASC-13 OWASP 2013-A5 OWASP 2017-A6