Home / Vulnerability Database / Config files : External information leakage through error pages
Config files
Config files : External information leakage through error pages
Classification
OWASP Top 10 2013
OWASP Top 10 2017
PCI DSS 4.0
CWE/SANS Top 25 2021
Overview
The application uses default error pages. They may contain information about the system configuration. This can help an attacker to plan an attack.
Debug information and error messages can be written to the log, displayed to the console, or sent to the user depending on the system settings. In some cases, an attacker can make a conclusion about the system vulnerabilities from the error message. For example, a database error can indicate insecurity against SQL injection attacks. Information about the version of the operating system, application server and system configuration can also be of value to the attacker.
References
- OWASP: Top 10 2017-A3-Sensitive Data Exposure
- OWASP: Top 10 2017-A6-Security Misconfiguration
- OWASP: Top 10 2013-A5-Security Misconfiguration
- OWASP: Top 10 2013-A6-Sensitive Data Exposure
- CWE-497: Exposure of System Data to an Unauthorized Control Sphere
- CWE CATEGORY: OWASP Top Ten 2017 Category A5 - Broken Access Control
- CWE CATEGORY: OWASP Top Ten 2017 Category A6 - Security Misconfiguration
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- CWE-209: Generation of Error Message Containing Sensitive Information
MEDIUM
DerScanner Severity Score
Do you want to fix Config files : External information leakage through error pages in your application?
See also
Config files
Config files : Text4Shell Vulnerability
Config files
Config files : Incorrect directory deletion
Config files