Lucee Stacktrace Information Disclosure

Description

The Lucee web application is configured to display stack traces. In the event of errors, it reveals sensitive information about the application, such as file paths, stack traces, server variables, and more.

Remediation

Disable the display of stack traces

References

Locking Down Lucee

Related Vulnerabilities

WordPress Plugin AlertWire Information Disclosure (1.1.1)

SAP Management Console get user list

Sensitive pages could be cached

WordPress Plugin Jetpack-WP Security, Backup, Speed, & Growth Multiple Vulnerabilities (3.7.0)

Padding oracle attack

Severity

Medium

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N