This article is a part of our Web Security Knowledge Base.
Why “Application Error Disclosure” can be dangerous
This vulnerability means that some pages in your application return overly verbose error messages, which can disclose source code or other sensitive information such as the internal web server configuration, credentials or API keys, resource locations, or other users' data.
This information can be used to perform further attacks against your web application.
How to fix “Application Error Disclosure”
Review the source code of the page with the known vulnerability and check for any unhandled exceptions in your application.
Implement custom error pages for your web application.
Consider creating unique error codes and logging the details of each error on the server side. That way, you can give the browser an error reference without exposing any sensitive data.
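The three steps above combined in one place, as an added example (not ScanRepeat's code): a WSGI middleware that catches unhandled exceptions, logs the full detail under a unique reference, and returns a generic page carrying only that reference. The names `ErrorReferenceMiddleware`, `failing_app` and `handle`, and the exception text, are constructed for illustration.

```python
import io
import logging
import secrets
import sys
from wsgiref.util import setup_testing_defaults

log_stream = io.StringIO()  # stands in for the server-side error log
logger = logging.getLogger("app.errors")
logger.addHandler(logging.StreamHandler(log_stream))
logger.setLevel(logging.ERROR)
logger.propagate = False

def failing_app(environ, start_response):
    # Constructed handler: the exception text holds details that must not reach the browser.
    raise RuntimeError("connect failed: host=db.internal.example user=app password=CONSTRUCTED")

class ErrorReferenceMiddleware:
    """Catch unhandled exceptions, log them under a unique reference, return a generic page."""
    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        try:
            # Materialise the body so errors raised while iterating are caught too.
            return list(self.app(environ, start_response))
        except Exception:
            ref = secrets.token_hex(8)  # unique, unguessable error reference
            # Message and traceback go to the server log only.
            logger.exception("ref=%s %s %s", ref,
                             environ.get("REQUEST_METHOD"), environ.get("PATH_INFO"))
            body = f"An internal error occurred. Reference: {ref}\n".encode()
            headers = [("Content-Type", "text/plain; charset=utf-8"),
                       ("Content-Length", str(len(body)))]
            # exc_info lets the server cope if the app had already started a response.
            start_response("500 Internal Server Error", headers, sys.exc_info())
            return [body]

def handle(path):
    """Run one constructed request through the wrapped app; return (status, body)."""
    environ = {}
    setup_testing_defaults(environ)
    environ["PATH_INFO"] = path
    seen = {}

    def start_response(status, headers, exc_info=None):
        seen["status"] = status

    body = b"".join(ErrorReferenceMiddleware(failing_app)(environ, start_response))
    return seen["status"], body.decode()
```

Support staff can look up the reference a user reports in the server log, where the traceback and request path are recorded.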
How does ScanRepeat report “Application Error Disclosure”
ScanRepeat performs a passive scan against your application, analyzes every HTTP response received and looks for commonly known error phrases. ScanRepeat reports every occurrence of the vulnerability it finds, providing the evidence and the URL.
Please note that this alert can be a false positive if the error message appears inside documentation pages.