Description

The Lucee web application is configured to display stack traces. In the event of errors, it reveals sensitive information about the application, such as file paths, stack traces, server variables, and more.

Remediation

Disable the display of stack traces

References

Locking Down Lucee

Related Vulnerabilities

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-19968)

WordPress Plugin SP Project & Document Manager Multiple Vulnerabilities (2.5.9.7)

Apache Tomcat version older than 4.1.37

WordPress 5.4.x Multiple Vulnerabilities (5.4 - 5.4.6)

WordPress Plugin Quick Buy For Woocommerce Arbitrary File Disclosure (2.0)

Severity

Medium

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Configuration