Summary

Invicti detected that the web application is running in development mode, which discloses the server version and detailed stack trace information.


It's recommended to modify the configuration file WEB-INF/server-config.wsdd to switch the system from development to production, preventing the information leakage.

Impact

The detailed error messages contain potentially sensitive information that might help an attacker to conduct further attacks.

Actions To Take

The following setting in WEB-INF/server-config.wsdd switches the system from development mode to production mode:

<globalConfiguration>
 <parameter name="axis.development.system" value="false"/>
</globalConfiguration>
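
To confirm the setting on a deployed application, the check below parses the contents of a server-config.wsdd file and reports the state of axis.development.system. It is an added example, not Invicti's or Apache Axis's own code; the function name, the sample documents and the policy of flagging every value other than "false" are assumptions of this example.

```python
import xml.etree.ElementTree as ET

PARAM = "axis.development.system"


def _local(tag):
    """Strip an XML namespace prefix: '{uri}name' -> 'name'."""
    return tag.rsplit("}", 1)[-1]


def development_mode(wsdd_text):
    """Classify a WSDD document as 'enabled', 'disabled' or 'unset'.

    Audit policy (an assumption of this example): only an explicit
    value="false" counts as production mode; any other value is reported
    as 'enabled' so that it gets reviewed.
    """
    state = "unset"
    for elem in ET.fromstring(wsdd_text).iter():
        if _local(elem.tag) != "globalConfiguration":
            continue
        for child in elem:
            if _local(child.tag) == "parameter" and child.get("name") == PARAM:
                value = (child.get("value") or "").strip().lower()
                if value != "false":
                    return "enabled"
                state = "disabled"
    return state


# Constructed sample documents, not taken from a real deployment.
WSDD_NS = 'xmlns="http://xml.apache.org/axis/wsdd/"'
DEV = f"""<deployment {WSDD_NS}>
 <globalConfiguration>
  <parameter name="sendXsiTypes" value="true"/>
  <parameter name="axis.development.system" value="true"/>
 </globalConfiguration>
</deployment>"""
PROD = DEV.replace('system" value="true"', 'system" value="false"')
UNSET = f"<deployment {WSDD_NS}><globalConfiguration/></deployment>"
NO_NS = ('<globalConfiguration><parameter name="axis.development.system" '
         'value="false"/></globalConfiguration>')

if __name__ == "__main__":
    for name, doc in [("dev", DEV), ("prod", PROD), ("unset", UNSET)]:
        print(name, development_mode(doc))
```

An "unset" result means the file does not state the parameter at all; setting it to "false" explicitly, as in the snippet above, makes the intended mode auditable.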

Classifications

CWE-16; OWASP 2013-A5; OWASP 2017-A6; CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N