Description

The Lucee web application is configured to display stack traces. In the event of errors, it reveals sensitive information about the application, such as file paths, stack traces, server variables, and more.

Remediation

Disable the display of stack traces

References

Locking Down Lucee

Related Vulnerabilities

WordPress Plugin Advanced Contact form 7 DB Information Disclosure (1.6.2)

WordPress Plugin PICA Photo Gallery 'imgname' Parameter Information Disclosure (1.0)

Gitlab user disclosure

Version Disclosure (IIS)

WordPress Plugin WP-Property-WordPress Powered Real Estate and Property Management Information Disclosure (1.38.3.2)

Severity

Medium

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Configuration