Description
Application error or warning messages may expose sensitive information about an application's internal workings to an attacker.
Acunetix AcuSensor found that the PHP display_errors
directive is enabled.
Remediation
Adjust php.ini
or .htaccess
(mod_php
with Apache HTTP Server) to disable display_errors
(refer to 'Detailed information' section).
References
Related Vulnerabilities
Apache Geronimo default administrative credentials
Virtual Host locations misconfiguration
GraphQL Non-JSON Queries over GET: Potential CSRF Vulnerability
Spring Boot Misconfiguration: Unsafe value for session tracking
Spring Boot Misconfiguration: Datasource credentials stored in the properties file