Looking for the vulnerability index of Invicti's legacy products?
Custom Error Pages Are Not Configured in WEB-INF/web.xml - Vulnerability Database

Custom Error Pages Are Not Configured in WEB-INF/web.xml

Description

This Java web application displays detailed error messages that disclose the server version and detailed stack trace information.

It's recommended to modify the configuration file WEB-INF/web.xml to display custom error pages, preventing the information leakage.

Remediation

Using the following configuration an error page will be displayed whenever the application responds with an HTTP 500 error. You can add additional entries for other HTTP status codes as well: <pre> &lt;error-page&gt; &lt;error-code&gt;500&lt;/error-code&gt; &lt;location&gt;/path/to/error.jsp&lt;/location&gt; &lt;/error-page&gt; </pre>

Related Vulnerabilities