239 Technical information leak - Errors


Description

The server can be made to throw errors by probing its endpoints with techniques such as sending a massive number of requests to the endpoint or sending a massive number of characters in the request body.


Impact

Obtain technical information from the server.


Recommendation

Use generic messages to indicate server errors and avoid sending technical information.
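
One way to apply this recommendation, as an added example that is not part of the original entry: a WSGI middleware (Python standard library only) that writes the full exception to the server log under an incident ID and returns only a generic message to the client. `GenericErrorMiddleware`, `leaky_app`, `call` and the sample error text are constructed for illustration.

```python
import io
import json
import logging
import sys
import uuid

log = logging.getLogger("app.errors")
GENERIC_BODY = "An internal error occurred."


class GenericErrorMiddleware:
    """Full detail goes to the server log; the client gets a generic body."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        try:
            # Materialize the body so errors raised while iterating are caught too.
            return list(self.app(environ, start_response))
        except Exception:
            incident = uuid.uuid4().hex  # ties a client report to the log entry
            log.exception("incident=%s path=%s", incident, environ.get("PATH_INFO"))
            body = json.dumps({"error": GENERIC_BODY, "incident": incident}).encode()
            headers = [("Content-Type", "application/json"), ("Content-Length", str(len(body)))]
            # exc_info lets the server replace headers the app may already have set.
            start_response("500 Internal Server Error", headers, sys.exc_info())
            return [body]


def leaky_app(environ, start_response):
    """Constructed handler: an oversized body raises with internal detail."""
    data = environ["wsgi.input"].read(int(environ.get("CONTENT_LENGTH") or 0))
    if len(data) > 1024:
        raise ValueError("/srv/app/parser.py: column 'payload' is varchar(1024)")
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok"]


def call(app, body):
    """Drive a WSGI app with a POST body; return (status, response_bytes)."""
    seen = {}
    def start_response(status, headers, exc_info=None):
        seen["status"] = status
    environ = {"REQUEST_METHOD": "POST", "PATH_INFO": "/items",
               "CONTENT_LENGTH": str(len(body)), "wsgi.input": io.BytesIO(body)}
    chunks = app(environ, start_response)
    return seen["status"], b"".join(chunks)
```

The incident ID gives support staff a handle for finding the logged stack trace without any of it reaching the response.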


Threat

Authorized attacker from the Internet.


Expected Remediation Time

45 minutes.


Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

  • Attack vector: N
  • Attack complexity: L
  • Attack Requirements: N
  • Privileges required: L
  • User interaction: N
  • Confidentiality (VC): L
  • Integrity (VI): N
  • Availability (VA): N
  • Confidentiality (SC): N
  • Integrity (SI): N
  • Availability (SA): N

Threat 4.0

  • Exploit maturity: X

Requirements


Fixes


Last updated

2024/02/16