← Back to Findings

info Application Error Disclosure

Details

Severityinfo
StatusOpen
Enginezap
Target URLhttps://easm.liifecore.com/settings
First Seen2026-07-14 03:00:20 UTC
Last Seen2026-07-14 03:00:20 UTC
CWECWE-550

Description

This page contains an error/warning message that may disclose sensitive information like the location of the file that produced the unhandled exception. This information can be used to launch further attacks against the web application. The alert could be a false positive if the error message is found inside a documentation page.

Evidence

HTTP/1.1 500 Internal Server Error

Raw Output

{
  "alert": "Application Error Disclosure",
  "alertRef": "90022",
  "attack": "",
  "confidence": "Medium",
  "cweid": "550",
  "description": "This page contains an error/warning message that may disclose sensitive information like the location of the file that produced the unhandled exception. This information can be used to launch further attacks against the web application. The alert could be a false positive if the error message is found inside a documentation page.",
  "evidence": "HTTP/1.1 500 Internal Server Error",
  "id": "73",
  "inputVector": "",
  "messageId": "175",
  "method": "GET",
  "name": "Application Error Disclosure",
  "other": "",
  "param": "",
  "pluginId": "90022",
  "reference": "",
  "risk": "Low",
  "solution": "Review the source code of this page. Implement custom error pages. Consider implementing a mechanism to provide a unique error reference/identifier to the client (browser) while logging the details on the server side and not exposing them to the user.",
  "sourceMessageId": 175,
  "sourceid": "3",
  "tags": {
    "CWE-550": "https://cwe.mitre.org/data/definitions/550.html",
    "OWASP_2017_A06": "https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html",
    "OWASP_2021_A05": "https://owasp.org/Top10/A05_2021-Security_Misconfiguration/",
    "POLICY_PENTEST": "",
    "POLICY_QA_STD": "",
    "WSTG-v42-ERRH-01": "https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/01-Testing_For_Improper_Error_Handling",
    "WSTG-v42-ERRH-02": "https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/02-Testing_for_Stack_Traces"
  },
  "url": "https://easm.liifecore.com/settings",
  "wascid": "13"
}

Update Status