Description

One or more stack traces were identified. The web application has generated an error message that includes sensitive information about its environment, users, or associated data.

The stack trace can disclose potentially sensitive information such as physical file paths of relevant files, source code fragments, version information of various packages, database information, and error messages.

It is recommended to handle exceptions internally and not to display errors containing potentially sensitive information to users.

Remediation

To prevent this information disclosure, implement custom error pages by applying the following changes to your web.config file.


<system.web>
     <customErrors mode="On" defaultRedirect="~/error/GeneralError.aspx">
          <error statusCode="403" redirect="~/error/Forbidden.aspx" />
          <error statusCode="404" redirect="~/error/PageNotFound.aspx" />
          <error statusCode="500" redirect="~/error/InternalError.aspx" />
     </customErrors>
</system.web>
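
To check that a deployed web.config actually carries this setting, the following added example (not part of the original advisory) audits the customErrors section and reports weak or missing values. The function name, severity labels and sample configurations are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs (not taken from any real application).
GOOD_CONFIG = """<configuration><system.web>
  <customErrors mode="On" defaultRedirect="~/error/GeneralError.aspx" />
</system.web></configuration>"""
OFF_CONFIG = """<configuration><system.web>
  <customErrors mode="Off" />
</system.web></configuration>"""
MISCASED_CONFIG = """<configuration><System.Web>
  <customErrors mode="On" defaultRedirect="~/error/GeneralError.aspx" />
</System.Web></configuration>"""


def audit_custom_errors(web_config_xml):
    """Return (severity, message) findings for customErrors in a web.config string."""
    findings = []
    root = ET.fromstring(web_config_xml)

    # web.config element names are case-sensitive, so only <system.web> is accepted.
    for el in root.iter():
        if el.tag.lower() == "system.web" and el.tag != "system.web":
            findings.append(("HIGH", f"<{el.tag}> is mis-cased; the section name is <system.web>"))

    nodes = [n for s in root.iter("system.web") for n in s.findall("customErrors")]
    if not nodes:
        findings.append(("MEDIUM", "no <customErrors> under <system.web>; default mode RemoteOnly applies"))
        return findings

    for node in nodes:
        mode = node.get("mode", "RemoteOnly")  # RemoteOnly is the default when mode is omitted
        if mode == "Off":
            findings.append(("HIGH", "mode=Off: detailed errors, including stack traces, are shown to all clients"))
        elif mode == "RemoteOnly":
            findings.append(("LOW", "mode=RemoteOnly: requests from the local machine still see stack traces"))
        elif mode != "On":
            findings.append(("HIGH", f"unrecognised mode {mode!r}; expected On, Off or RemoteOnly"))
        if mode != "Off" and not node.get("defaultRedirect"):
            findings.append(("LOW", "no defaultRedirect: unmapped status codes use the generic ASP.NET error page"))
    return findings


if __name__ == "__main__":
    for name, cfg in [("good", GOOD_CONFIG), ("off", OFF_CONFIG), ("miscased", MISCASED_CONFIG)]:
        print(name, audit_custom_errors(cfg))
```

Running it in a deployment pipeline against the transformed (release) web.config catches a debug-time mode="Off" before it reaches production.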

Related Vulnerabilities