Why “Application Error Disclosure” can be dangerous
This vulnerability means that the user's data is not properly protected by the application. An attacker may be able to access all the information about your application. There is a threat of sensitive information disclosure, such as internal server configuration, credentials or API keys, resource locations and more.
This information can be used to perform further attacks against your web application.
How to fix “Application Error Disclosure”
Review the source code of the page with the known vulnerability.
Provide custom error pages for your web application.
Consider creating unique error identifiers while logging details of errors on the server side. That way you can provide the error reference to the browser without exposing any details to the user.
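The custom error page and unique error identifier described above can be combined in one place. The following is an added example, not code from ScanRepeat or from the original article: a WSGI middleware that logs the full traceback under a random reference and returns only that reference to the browser. The logger name, page text, failing application and `demo_request` helper are assumptions made for illustration.

```python
import logging
import sys
import traceback
import uuid

log = logging.getLogger("app.errors")  # hypothetical logger name

GENERIC_PAGE = ("<html><body><h1>Something went wrong</h1>"
                "<p>Please quote reference {ref} when contacting support.</p></body></html>")


class ErrorReferenceMiddleware:
    """WSGI wrapper: details go to the server log, the client sees only a reference."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        try:
            # Materialise the body so errors raised while iterating are caught too.
            return list(self.app(environ, start_response))
        except Exception:
            ref = uuid.uuid4().hex  # unique identifier linking this response to its log entry
            log.error("ref=%s path=%s\n%s", ref,
                      environ.get("PATH_INFO", ""), traceback.format_exc())
            body = GENERIC_PAGE.format(ref=ref).encode("utf-8")
            headers = [("Content-Type", "text/html; charset=utf-8"),
                       ("Content-Length", str(len(body)))]
            # exc_info allows replacing headers the app set before it failed.
            start_response("500 Internal Server Error", headers, sys.exc_info())
            return [body]


def failing_app(environ, start_response):
    # Constructed failure: the message carries details that must stay server-side.
    raise RuntimeError("db connect failed: postgres://app:s3cret@10.0.0.5/prod")


def demo_request(app, path="/report"):
    """Run one request through `app` and return (status, body_text)."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status

    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path}
    body = b"".join(app(environ, start_response))
    return captured["status"], body.decode("utf-8")
```

Wrap the real application once at startup, for example `application = ErrorReferenceMiddleware(application)`, and make sure framework debug modes are disabled in production so they do not render their own detailed error pages first.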
How does ScanRepeat report “Application Error Disclosure”
ScanRepeat performs a passive scan against your application, analyzes every HTTP response received and looks for commonly known error phrases. ScanRepeat reports every occurrence of the vulnerability it finds, providing the evidence and the URL.
Please note that this alert can be a false positive if the error message appears inside documentation pages.