Stack Trace Disclosure (Java)

Severity: Medium
Summary#

Invicti identified a stack trace disclosure (Java) in the target web server's HTTP response.

Impact#
An attacker can obtain information such as:
  • Tomcat version.
  • Physical file path of Tomcat files.
  • Information about the generated exception.
This information might help an attacker gain more information and potentially focus on the development of further attacks to the target system.
Remediation#
Apply the following configuration to your web.xml file to prevent information leakage by applying custom error pages.
<error-page>
    <error-code>500</error-code>
    <location>/server_error.html</location>
</error-page>

Build your resistance to threats. And save hundreds of hours each month.

Get a demo See how it works