Description

The Lucee web application is configured to display stack traces. In the event of errors, it reveals sensitive information about the application, such as file paths, stack traces, server variables, and more.

Remediation

Disable the display of stack traces

References

Locking Down Lucee

Related Vulnerabilities

WordPress Plugin Order Export & Order Import for WooCommerce Information Disclosure (1.0.8)

WordPress Plugin Duplicator-WordPress Migration Arbitrary File Disclosure (0.3.0)

Version Disclosure (ASP.NET)

WeBid Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3815)

WordPress Plugin Simple Gmail Login Stack Trace Information Disclosure (1.1.3)

Severity

Medium

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Configuration