Stack Trace Disclosure (Ruby-Sinatra Framework)

Severity: Medium
Summary

Invicti identified a stack trace disclosure (Ruby-Sinatra framework) in the target web server's HTTP response.

Impact
An attacker can obtain information such as:
  • Stack trace.
  • Physical file path of template file.
  • Information about the generated exception.
  • Internal IP address.
This information might help an attacker learn more about the target system and focus further attacks on it.
Remediation
Configure your application not to provide detailed error pages in production environments. Save all information regarding the error to a backend storage, such as a log or a text file, and show a friendly custom error page to the user.
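One way to implement this remediation, as an added example (not Invicti's or Sinatra's own code): a Rack-style middleware, here given the hypothetical name `SafeErrors`, that writes the exception and backtrace to a log and returns a generic page carrying only a reference ID. The failing app and its error message are constructed sample input. In a Sinatra app it assumes `set :show_exceptions, false` and `set :raise_errors, true` so that exceptions reach the middleware.

```ruby
require 'logger'
require 'securerandom'
require 'stringio'

# Hypothetical Rack-style middleware. In Sinatra it would be mounted with
#   use SafeErrors, Logger.new('log/errors.log')
# alongside `set :show_exceptions, false` and `set :raise_errors, true`.
class SafeErrors
  GENERIC_PAGE = '<h1>Something went wrong</h1><p>Reference: %s</p>'

  def initialize(app, logger)
    @app = app
    @logger = logger
  end

  def call(env)
    @app.call(env)
  rescue StandardError => e
    ref = SecureRandom.hex(8) # opaque ID that links the page to the log entry
    # Exception class, message and backtrace go to the log only.
    @logger.error("ref=#{ref} path=#{env['PATH_INFO']} #{e.class}: #{e.message}\n" +
                  Array(e.backtrace).join("\n"))
    body = format(GENERIC_PAGE, ref)
    [500, { 'content-type' => 'text/html', 'content-length' => body.bytesize.to_s }, [body]]
  end
end

# Constructed sample app: its error message holds a template path and an
# internal IP address, the kind of detail a stack trace page would expose.
FAILING_APP = lambda do |_env|
  raise IOError, 'cannot read /srv/app/views/index.erb from 10.0.0.5'
end

# Runs one request through the middleware and returns what the client
# receives next to what was written to the log.
def demo
  log = StringIO.new
  app = SafeErrors.new(FAILING_APP, Logger.new(log))
  status, _headers, body = app.call('PATH_INFO' => '/report')
  { status: status, body: body.join, log: log.string }
end

if __FILE__ == $PROGRAM_NAME
  result = demo
  puts result[:status], result[:body]
end
```

The reference ID lets support staff find the matching log entry without the response revealing the exception, file path or address.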
