VID 210177
Severity 30
Port 80, ...
Protocol TCP
Class CGI
Detailed Description This page contains an error/warning message that may disclose sensitive information like the location of the file that produced the unhandled exception. This information can be used to launch further attacks against the web application. The alert could be a false positive if the error message is found inside a documentation page.

* References:
https://www.owasp.org/index.php/Exception_Handling

* Platforms Affected:
Any operating system, any version

* Note: This check looks for a 500 Internal Server Error response. If the error message is found on a man page, it can be a false positive.
Recommendation Review the source code of this page. Implement custom error pages. Consider implementing a mechanism to provide a unique error reference/identifier to the client (browser) while logging the details on the server side and not exposing them to the user.
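
One way to implement the error-reference mechanism recommended above, shown as an added example that is not part of the original check entry. It assumes a Python WSGI application; the names `SafeErrorMiddleware`, `broken_app`, `demo` and the logger name `app.errors` are hypothetical, and the failing app is constructed sample input.

```python
import io
import logging
import sys
import uuid

log = logging.getLogger("app.errors")
GENERIC_BODY = "<h1>Internal Server Error</h1><p>Reference: {ref}</p>"

class SafeErrorMiddleware:
    """WSGI wrapper: details go to the server log, the client gets a reference ID."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        result = None
        try:
            result = self.app(environ, start_response)
            # Buffer the body so errors raised while iterating are caught too.
            return list(result)
        except Exception:
            ref = uuid.uuid4().hex
            # Traceback, request path and reference stay on the server.
            log.exception("unhandled error ref=%s path=%s", ref, environ.get("PATH_INFO", ""))
            body = GENERIC_BODY.format(ref=ref).encode("utf-8")
            headers = [("Content-Type", "text/html; charset=utf-8"),
                       ("Content-Length", str(len(body)))]
            # exc_info lets the server discard headers the app had already set.
            start_response("500 Internal Server Error", headers, sys.exc_info())
            return [body]
        finally:
            if hasattr(result, "close"):
                result.close()

def broken_app(environ, start_response):
    # Constructed sample app: the exception message contains a file path.
    raise RuntimeError("cannot open /var/www/app/config/db.ini")

def demo(path="/report"):
    """Run broken_app behind the middleware; return (status, body, server_log)."""
    stream, seen = io.StringIO(), {}
    handler = logging.StreamHandler(stream)
    log.addHandler(handler)
    try:
        app = SafeErrorMiddleware(broken_app)
        chunks = app({"PATH_INFO": path}, lambda s, h, e=None: seen.update(status=s))
        return seen["status"], b"".join(chunks).decode("utf-8"), stream.getvalue()
    finally:
        log.removeHandler(handler)
```

The reference in the response body is the same value written to the server log, so support staff can locate the full traceback without the client ever seeing it.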