Stack Trace Disclosure (Ruby-Sinatra Framework)
Summary
Invicti identified a stack trace disclosure (Ruby-Sinatra framework) in the target web server's HTTP response.
Impact
An attacker can obtain information such as:
- Stack trace.
- Physical file path of template file.
- Information about the generated exception.
- Internal IP address.
Remediation
Configure your application not to provide detailed error pages in production environments. Save all information regarding the error to backend storage, such as a log or a text file, and show a friendly custom error page to the user.
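
One way to apply this remediation, as an added example that is not Invicti's or Sinatra's own code: a small Rack middleware that writes the full exception to a log and returns a generic page with a correlation ID. The names SafeErrors, FAILING_APP and demo are hypothetical, the failing app and its error message are constructed, and the Sinatra app is assumed to run with show_exceptions disabled and raise_errors enabled so the exception reaches the middleware.

```ruby
require 'logger'
require 'securerandom'
require 'stringio'

# Rack middleware (Sinatra apps are Rack apps, so it is mounted with `use`).
# Assumed Sinatra settings: `disable :show_exceptions` and `enable :raise_errors`,
# so unhandled exceptions propagate here instead of being rendered to the client.
class SafeErrors
  GENERIC_PAGE = "<h1>Something went wrong</h1>\n<p>Reference: %s</p>\n"

  def initialize(app, logger:)
    @app = app
    @logger = logger
  end

  def call(env)
    @app.call(env)
  rescue StandardError => e
    # Opaque ID: lets support find the log entry without exposing internals.
    incident = SecureRandom.hex(8)
    # Full detail (class, message, backtrace) goes to backend storage only.
    # The path is client-controlled, so it is logged with inspect to escape newlines.
    @logger.error("incident=#{incident} #{env['REQUEST_METHOD']} " \
                  "#{env['PATH_INFO'].inspect} #{e.class}: #{e.message}\n" \
                  "#{Array(e.backtrace).join("\n")}")
    body = format(GENERIC_PAGE, incident)
    [500, { 'content-type' => 'text/html',
            'content-length' => body.bytesize.to_s }, [body]]
  end
end

# Constructed failing app: the message carries a template path and an
# internal IP address, the kind of detail listed under Impact.
FAILING_APP = lambda do |_env|
  raise IOError, 'cannot render /srv/app/views/index.erb (db at 10.0.0.12)'
end

# Runs one request through the middleware and returns what the client
# received next to what was logged.
def demo
  log = StringIO.new
  stack = SafeErrors.new(FAILING_APP, logger: Logger.new(log))
  status, headers, body = stack.call('REQUEST_METHOD' => 'GET', 'PATH_INFO' => '/')
  { status: status, headers: headers, body: body.join, log: log.string }
end

puts demo[:body] if __FILE__ == $PROGRAM_NAME
```

In a deployment the Logger would point at a file or log collector rather than a StringIO.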