|
Details
|
|
Alert ID
|
110001 |
|
Alert Type
|
WebSocket Passive |
|
Status
|
release |
|
Risk
|
Medium |
|
CWE
|
209
|
|
WASC
|
13 |
|
Technologies Targeted
|
All
|
|
Tags
|
|
Summary
This payload contains an error/warning message that may disclose sensitive information like the location of the file that produced the unhandled exception. This information can be used to launch further attacks against the web application.
Solution
Review the error payloads which are piped directly to WebSockets. Handle the related exceptions. Consider implementing a mechanism to provide a unique error reference/identifier to the client (browser) while logging the details on the server side and not exposing them to the user.
Other Info
References
Code
scripts/templates/websocketpassive/Application Error Scanner.js