Information Disclosure - Debug Error Messages

ID

information_disclosure_debug_error_messages

Severity

low

Kind

Information Disclosure

CWE

1295

Description

The response appeared to contain common error messages returned by platforms such as ASP.NET and by web servers such as IIS and Apache. You can configure the list of common debug messages.

Rationale

Debug error messages expose internal application details such as stack traces, database schema, file paths, and framework versions that assist attackers in reconnaissance. An attacker can use this information to identify specific vulnerabilities in the technology stack, craft targeted exploits, and understand the application’s internal logic. Error messages may also reveal sensitive business logic or configuration details that help map the attack surface.

Remediation

Disable debugging messages before pushing to production.
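
One way to implement the check from the Description, which can also be rerun after remediation to confirm that responses no longer match. This is an added example, not the scanner's own code; the signature labels, patterns and sample responses are assumptions constructed for illustration.

```python
import re

# Assumed, illustrative signature list (not the scanner's built-in list).
# Each entry maps a label to a regex; extend or replace it to match your stack.
DEFAULT_SIGNATURES = {
    "aspnet_yellow_screen": r"Server Error in '/[^']*' Application\.",
    "dotnet_stack_frame": r"^\s*at [\w.<>`]+\([^)]*\) in .+:line \d+",
    "python_traceback": r"Traceback \(most recent call last\):",
    "java_stack_frame": r"^\s*at [\w.$]+\([\w$]+\.java:\d+\)",
    "php_error": r"(?:Fatal error|Warning|Notice): .+ in .+ on line \d+",
}


def compile_signatures(signatures=None):
    """Compile a label -> pattern mapping once so it can be reused per response."""
    signatures = DEFAULT_SIGNATURES if signatures is None else signatures
    return {label: re.compile(p, re.MULTILINE) for label, p in signatures.items()}


def find_debug_messages(body, compiled):
    """Return sorted (label, matched_text) pairs found in a response body."""
    hits = []
    for label, rx in compiled.items():
        m = rx.search(body)
        if m:
            hits.append((label, m.group(0).strip()))
    return sorted(hits)


# Constructed sample responses, for illustration only.
SAMPLE_DEBUG = (
    "<title>Object reference not set to an instance of an object.</title>\n"
    "<h1>Server Error in '/' Application.</h1>\n"
    "   at Shop.Cart.Load(Int32 id) in C:\\src\\Shop\\Cart.cs:line 42\n"
)
SAMPLE_GENERIC = "<h1>Something went wrong</h1><p>Reference: 7f3a</p>"

if __name__ == "__main__":
    compiled = compile_signatures()
    for name, body in (("debug", SAMPLE_DEBUG), ("generic", SAMPLE_GENERIC)):
        print(name, find_debug_messages(body, compiled))
```

The generic error page with an opaque reference produces no hits, which is the response shape to aim for in production.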