Error Message Exposure Analyzer

Configuration Name: ErrorMessageExposure

Description

The ErrorMessageExposure analyzer reports when a response contains an error message that reveals sensitive information about the application's implementation. A finding is reported when sensitive application details, such as source code or SQL queries, are present in the error message of a failed operation.

Faults Reported

Fault Identifier: CWE-209
Title: Generation of Error Message Containing Sensitive Information
Summary: The software generates an error message that includes sensitive information about its environment, users, or associated data.
Solution: Ensure that error messages contain an appropriate description of the error without exposing internal details about the application or the data. Consider using fixed error messages for the kinds of errors that may occur. Avoid forwarding errors from other parts of the application.
Severity: low
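As an added example (not part of this analyzer's documentation or its implementation), a small Python check that applies the description above to captured responses: it flags failed operations whose body carries indicators of SQL text, stack traces or source paths, and shows the fixed-message form the Solution recommends. The indicator patterns and the sample responses are constructed for illustration and are not the analyzer's own rules.

```python
import re
from dataclasses import dataclass, field

# Constructed indicator patterns for implementation details that do not belong in a
# client-facing error message. Illustrative only, not the analyzer's own rule set.
INDICATORS = {
    "sql_query": re.compile(
        r"\b(SELECT|INSERT|UPDATE|DELETE)\b.{0,200}\b(FROM|INTO|SET|WHERE)\b", re.I | re.S),
    "db_error": re.compile(
        r"ORA-\d{5}|SQLSTATE\[|You have an error in your SQL syntax|psycopg2\.\w+Error"),
    "stack_trace": re.compile(
        r"Traceback \(most recent call last\)|^\s+at [\w.$<>]+\(\w+\.java:\d+\)"
        r"|File \"[^\"]+\", line \d+", re.M),
    "source_path": re.compile(
        r"/(?:home|var|usr|srv|opt|app)/[\w./-]+\.(?:py|php|rb|js|java)"
        r"|[A-Za-z]:\\[\w\\.-]+\.(?:cs|aspx|config)"),
}

@dataclass
class Finding:
    cwe: str
    status: int
    indicators: list = field(default_factory=list)

def analyze_response(status: int, body: str):
    """Return a CWE-209 Finding if an error response leaks implementation details."""
    if status < 400:          # only failed operations are in scope
        return None
    hits = [name for name, rx in INDICATORS.items() if rx.search(body)]
    return Finding("CWE-209", status, hits) if hits else None

def safe_error_body(request_id: str) -> str:
    """Fixed message plus a correlation id; the real cause belongs in server logs only."""
    return '{"error": "The request could not be processed.", "request_id": "%s"}' % request_id

# Constructed sample responses (status, body) standing in for captured traffic.
SAMPLES = {
    "sql_leak": (500, "Error: You have an error in your SQL syntax near "
                      "'SELECT * FROM users WHERE id = 'abc''"),
    "trace_leak": (500, "Traceback (most recent call last):\n"
                        '  File "/srv/app/api/orders.py", line 42, in get_order\n'
                        "KeyError: 'id'"),
    "generic_500": (500, safe_error_body("req-7f3a")),
    "ok_with_sql_word": (200, '{"note": "select from the menu"}'),
}

def scan_samples():
    """Run the check over every sample; None means no finding for that response."""
    return {name: analyze_response(s, b) for name, (s, b) in SAMPLES.items()}
```

Only the two responses that forward raw database or interpreter output produce a finding; the fixed-message 500 and the successful response do not.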