Error Message Exposure Analyzer
Configuration Name: ErrorMessageExposure
Description
The ErrorMessageExposure analyzer reports when a response contains an error message that reveals sensitive information about the application's implementation. A finding is reported when sensitive application details, such as source code, file paths, stack traces, or SQL queries, are present in the error message returned by a failed operation.
Faults Reported
| Fault Identifier | Title | Summary | Solution | Severity |
|---|---|---|---|---|
| CWE-209 | Generation of Error Message Containing Sensitive Information | The software generates an error message that includes sensitive information about its environment, users, or associated data. | Ensure that error messages contain an appropriate description of the error without exposing internal details about the application or the data. Consider use of fixed error messages for kinds of errors that may occur. Avoid forwarding errors from other parts of the application. | low |
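The check the Description section outlines and the fixed-message remedy from the Solution column above, as an added example that is not the analyzer's own code: `find_exposures` scans a failed response body for implementation details (SQL fragments, stack traces, server file paths, database driver errors), and `safe_error_response` builds the kind of fixed client-facing message that passes the check. The signature patterns, the sample responses and the message texts are constructed for this example; the real analyzer's rules are not on the page.

```python
import json
import re

# Signatures of implementation details that should not reach a client.
# These patterns are an assumption for this example, not the analyzer's rule set.
SENSITIVE_PATTERNS = {
    "sql_query": re.compile(
        r"\b(SELECT|INSERT|UPDATE|DELETE)\b.+?\b(FROM|INTO|SET|WHERE)\b", re.I | re.S
    ),
    "stack_trace": re.compile(
        r"(Traceback \(most recent call last\)"
        r"|^\s+at [\w.$]+\(.*?:\d+\)"          # Java/.NET style frame
        r"|File \"[^\"]+\", line \d+)",        # Python style frame
        re.M,
    ),
    "source_path": re.compile(
        r"(/(?:usr|home|var|opt|srv)/[\w./-]+"  # Unix server path
        r"|[A-Za-z]:\\[\w\\.-]+)"               # Windows path
    ),
    "db_error": re.compile(
        r"(ORA-\d{5}|SQLSTATE\[\w+\]|You have an error in your SQL syntax"
        r"|psycopg2\.\w+Error|SqlException)"
    ),
}


def find_exposures(status_code, body):
    """Return the kinds of sensitive detail found in a failed response body.

    Only 4xx/5xx responses are examined, matching the page's "failed operation"
    wording; the body of a successful response is left alone.
    """
    if status_code < 400:
        return []
    return [name for name, pattern in SENSITIVE_PATTERNS.items() if pattern.search(body)]


# Fixed, non-revealing messages per status code (the Solution column's advice).
FIXED_MESSAGES = {
    400: "The request could not be processed.",
    404: "The requested resource was not found.",
    500: "An internal error occurred. Please try again later.",
}


def safe_error_response(status_code, request_id):
    """Build a client-facing error body that carries a fixed message plus a
    correlation id, so the real exception can be looked up in server logs
    without being forwarded to the caller."""
    return {
        "status": status_code,
        "message": FIXED_MESSAGES.get(status_code, "An error occurred."),
        "request_id": request_id,
    }


# Constructed sample responses: a leaky failure, a success, and a hardened failure.
SAMPLE_RESPONSES = [
    (
        500,
        "Traceback (most recent call last):\n"
        '  File "/srv/app/orders.py", line 42, in get_order\n'
        '    cur.execute("SELECT * FROM orders WHERE id = %s" % order_id)\n'
        "psycopg2.ProgrammingError: syntax error at or near \"'\"",
    ),
    (200, '{"orders": []}'),
    (500, json.dumps(safe_error_response(500, "req-0001"))),
]


def scan(responses):
    """Run the exposure check over (status, body) pairs."""
    return [(status, find_exposures(status, body)) for status, body in responses]


if __name__ == "__main__":
    for status, kinds in scan(SAMPLE_RESPONSES):
        verdict = "FINDING (CWE-209)" if kinds else "ok"
        print(f"{status}: {verdict} {kinds}")
```

The first sample trips all four signature groups, the 200 response is skipped entirely, and the hardened 500 body yields no finding; the request id in that body is what lets an operator correlate it with the full exception retained server-side.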