Missing Custom Error Page| ID: 756 | Date: (C)2012-05-14 (M)2022-10-10 |
| Type: weakness | Status: INCOMPLETE |
| Abstraction Type: Class |
Description
The software does not return custom error pages to the user,
possibly exposing sensitive information.
Applicable PlatformsNone
Common Consequences
| Scope | Technical Impact | Notes |
|---|
| Confidentiality | Read application
data | Attackers can leverage the additional information provided by a
default error page to mount attacks targeted on the framework, database,
or other resources used by the application. |
Detection MethodsNone
Potential MitigationsNone
Relationships
| Related CWE | Type | View | Chain |
|---|
| CWE-756 ChildOf CWE-895 | Category | CWE-888 | |
Demonstrative Examples (Details)
- An insecure ASP.NET application setting: (Demonstrative Example Id DX-75)
- In the snippet below, an unchecked runtime exception thrown from
within the try block may cause the container to display its default error
page (which may contain a full stack trace, among other
things). (Demonstrative Example Id DX-76)
White Box Definitions None
Black Box Definitions None
Taxynomy MappingsNone
References:None
