Stack Trace Disclosure (Apache MyFaces)
Summary#
Invicti identified a stack trace disclosure (Apache MyFaces) in the target web server's HTTP response.
Impact#
An attacker can obtain information such as:
- Stack trace.
- Information about the generated exception.
This information might help an attacker gain more information and potentially focus on the development of further attacks for the target system.
Remediation#
Apply the following configuration to your
web.xml file to prevent information leakage by applying custom error pages.<error-page>
<error-code>500</error-code>
<location>/server_error.html</location>
</error-page>
Classifications#
Vulnerability Index
You can search and find all vulnerabilities
Select Category
OR
Search Vulnerability
Tags
Related Vulnerabilities
