Stack Trace Disclosure (CherryPy)
Description
The application returns CherryPy's default error page, including a full Python traceback, when an unhandled exception occurs. A traceback reveals the absolute paths and line numbers of the application's own source files and of the framework modules it passes through, the names of the handlers and functions on the call path, the CherryPy version printed in the default page's "Powered by CherryPy" footer, and the exception message itself, which may carry sensitive data such as file names, query fragments or values echoed back by a library. The disclosure happens because CherryPy's request.show_tracebacks setting defaults to True (the development environment) and the deployment never switched it off or installed an error handler that hides the details in production.
Remediation
Configure CherryPy to suppress detailed error messages in production and handle exceptions explicitly:
1. Disable traceback disclosure by setting request.show_tracebacks = False (its default is True) and request.show_mismatched_params = False, so that neither an unexpected exception nor a handler signature mismatch describes the code in the response
2. Implement a custom error handler (via request.error_response, or the error_page.default / error_page.500 settings) that returns a generic message to the client while the full traceback is written to the server-side error log
3. Set environment = production in the global configuration, either with cherrypy.config.update() or in the [global] section of the config file; this preset applies the two settings above and also disables log.screen and engine.autoreload
import logging
import cherrypy

# Application configuration: no tracebacks or parameter-mismatch details in
# responses, nothing on the console, full errors to a file (example path).
config = {
    '/': {
        'request.show_tracebacks': False,
        'request.show_mismatched_params': False,
        'log.screen': False,
        'log.error_file': '/var/log/myapp/error.log'
    }
}

# Custom error response: record the traceback server-side, send a generic body.
def handle_error():
    cherrypy.log(traceback=True, severity=logging.ERROR)
    cherrypy.response.status = 500
    cherrypy.response.body = [
        b"An error occurred. Please contact support."
    ]

# Global configuration: the 'production' preset also sets show_tracebacks and
# show_mismatched_params to False and turns off log.screen and autoreload.
cherrypy.config.update({
    'environment': 'production',
    'request.error_response': handle_error
})

class Root:
    @cherrypy.expose
    def index(self):
        return "OK"

if __name__ == '__main__':
    cherrypy.quickstart(Root(), '/', config)
4. Make sure suppressed exceptions are still recorded: with log.screen off, set log.error_file and restrict that file's permissions to the service account and the people who need to read it, otherwise the errors disappear entirely
5. Review the error log regularly to find and fix the underlying causes of the exceptions, and re-test the failing endpoints after deployment to confirm that no traceback, file path or version string reaches the client
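The following script is an added example written for this page, not CherryPy project code. It checks an HTTP response body for the markers listed in the Description (the Python traceback header, CherryPy's <pre id="traceback"> element, leaked File "...", line N paths and the "Powered by CherryPy" version footer) and doubles as the post-remediation re-test of step 5. It uses only the standard library. The sample response body is constructed to mirror the layout of CherryPy's default 500 page; the file paths and version number in it are invented.

```python
"""Check an HTTP response body for CherryPy stack-trace disclosure.

Added example for this page (not CherryPy project code). Stdlib only.
Markers come from Python's traceback format and CherryPy's default error
page: the "Traceback (most recent call last):" header, the <pre id="traceback">
element, File "...", line N lines (leaked paths) and the "Powered by CherryPy"
footer that carries the framework version.
"""
import re
import sys
import urllib.error
import urllib.request

TRACEBACK_HEADER = "Traceback (most recent call last):"
TRACEBACK_PRE_RE = re.compile(r'<pre\s+id="traceback">', re.IGNORECASE)
VERSION_RE = re.compile(
    r'Powered by\s*(?:<a[^>]*>)?\s*CherryPy\s+([\d.]+)', re.IGNORECASE)
FILE_LINE_RE = re.compile(r'File "([^"]+)", line (\d+), in (\S+)')


def analyse_body(body: str) -> dict:
    """Return what the body leaks: traceback flag, framework version, file paths."""
    paths = [(path, int(line), func)
             for path, line, func in FILE_LINE_RE.findall(body)]
    version = VERSION_RE.search(body)
    normalised = {p.replace("\\", "/") for p, _, _ in paths}
    return {
        "traceback": TRACEBACK_HEADER in body
                     or TRACEBACK_PRE_RE.search(body) is not None,
        "version": version.group(1) if version else None,
        "paths": paths,
        # Split framework internals from the application's own source files:
        # the latter tell an attacker where the code lives on disk.
        "framework_files": sorted(p for p in normalised if "/cherrypy/" in p),
        "app_files": sorted(p for p in normalised if "/cherrypy/" not in p),
    }


def is_disclosing(report: dict) -> bool:
    """True when any traceback content or source path reached the client."""
    return report["traceback"] or bool(report["paths"])


def check_url(url: str, timeout: float = 10.0) -> dict:
    """Fetch url and analyse the body; HTTP errors are kept, a 500 page is the point."""
    req = urllib.request.Request(url, headers={"User-Agent": "traceback-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            body = resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        body = err.read().decode("utf-8", "replace")
    return analyse_body(body)


# Constructed sample in the shape of CherryPy's default 500 page with
# show_tracebacks left on. Paths and version number are invented.
SAMPLE_LEAKY = """<html><body>
<h2>500 Internal Server Error</h2>
<p>The server encountered an unexpected condition which prevented it from fulfilling the request.</p>
<pre id="traceback">Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/cherrypy/_cprequest.py", line 638, in respond
    self._do_respond(path_info)
  File "/srv/app/app.py", line 42, in index
    return 1 / 0
ZeroDivisionError: division by zero
</pre>
<div id="powered_by"><span>Powered by <a href="http://www.cherrypy.org">CherryPy 18.8.0</a></span></div>
</body></html>
"""
SAMPLE_CLEAN = "An error occurred. Please contact support."


if __name__ == "__main__":
    # Usage: python check_traceback.py http://host:8080/path-that-errors
    report = check_url(sys.argv[1]) if len(sys.argv) > 1 else analyse_body(SAMPLE_LEAKY)
    print("disclosing:", is_disclosing(report))
    for key in ("version", "framework_files", "app_files"):
        print(f"{key}: {report[key]}")
```

Run it against an endpoint that is known to raise (or against a response captured in a scanner) before and after the configuration change: a clean deployment should yield traceback False, no paths and no version. The split between framework_files and app_files is there because the application paths are the more valuable find for an attacker; the framework paths mostly confirm the deployment layout and the Python packaging in use.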