Description

The Lucee web application is configured to display stack traces. In the event of errors, it reveals sensitive information about the application, such as file paths, stack traces, server variables, and more.

Remediation

Disable the display of stack traces

References

Locking Down Lucee

Related Vulnerabilities

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-5739)

WordPress Plugin Social Discussions Remote File Include and Information Disclosure Vulnerabilities (6.1.1)

WordPress Pingback Source URI Denial of Service and Information Disclosure Vulnerabilities (0.6.2 - 2.1.3)

WordPress 5.7.x Multiple Vulnerabilities (5.7 - 5.7.2)

WordPress Plugin Gallery-Flagallery Photo Portfolio Information Disclosure (4.24)

Severity

Medium

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Configuration