Summary

While analyzing an HTTP response, Acunetix 360 identified a stack trace that was exposed by the Laravel framework due to a misconfiguration.

Impact

An attacker can obtain information such as:

  • Function names
  • Filenames
  • Physical file paths of relevant files
  • Function parameters

This information might help an attacker learn more about the target system and focus further attacks against it.

Remediation

Change your config/app.php file to disable debug mode, which is responsible for the visible stack traces:

    'debug' => (bool) env('APP_DEBUG', false)
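
With the line above, `false` is only the fallback: an `APP_DEBUG=true` entry in the deployed .env file still turns debug mode on. The following check is an added example, not part of the original advisory or of Laravel itself, that works out the effective setting from the text of both files. The function names are hypothetical, the handling of env() string conversion is an approximation, and process environment variables and cached configuration are not inspected.

```python
import re

# Raw strings that end up false after Laravel's env() conversion and the
# (bool) cast in config/app.php (approximation: PHP treats "" and "0" as false).
FALSY = {"false", "(false)", "null", "(null)", "empty", "(empty)", "", "0"}

def php_bool(raw):
    return raw.strip().lower() not in FALSY

def env_values(env_text, key="APP_DEBUG"):
    """All uncommented assignments of key in .env text, quotes/comments stripped."""
    pat = re.compile(r"^[ \t]*(?:export[ \t]+)?%s[ \t]*=[ \t]*(.*)$" % re.escape(key), re.M)
    return [re.sub(r"\s+#.*$", "", v).strip().strip("\"'") for v in pat.findall(env_text)]

def debug_enabled(config_text, env_text):
    """True/False for the effective 'debug' setting, None if not recognised."""
    m = re.search(r"['\"]debug['\"]\s*=>\s*(.+?),?[ \t]*$", config_text, re.M)
    if not m:
        return None
    expr = m.group(1).strip()
    call = re.search(r"env\(\s*['\"]APP_DEBUG['\"]\s*(?:,\s*([^)]+?)\s*)?\)", expr)
    if call:
        values = env_values(env_text)
        if values:  # conservative: any truthy duplicate counts as enabled
            return any(php_bool(v) for v in values)
        return php_bool(call.group(1) or "")  # .env silent: env() default applies
    if expr.lower() in ("true", "false"):
        return expr.lower() == "true"
    return None

# Constructed sample inputs (not taken from a real deployment).
SAMPLE_CONFIG = "<?php\nreturn [\n    'debug' => (bool) env('APP_DEBUG', false),\n];\n"
SAMPLE_ENV = "APP_NAME=Example\nAPP_ENV=production\nAPP_DEBUG=true\n"

if __name__ == "__main__":
    # The config default is false, yet the .env entry still enables debug mode.
    print("debug enabled:", debug_enabled(SAMPLE_CONFIG, SAMPLE_ENV))
```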

Severity

Medium

Classification

  • PCI v3.2-6.5.5
  • CAPEC-214
  • CWE-248
  • HIPAA-164.306(a), 164.308(a)
  • ISO27001-A.18.1.3
  • WASC-14
  • OWASP 2013-A5
  • OWASP 2017-A6
  • CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C