Get a demo
AppSec with Zero Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo

Custom Error Pages Are Not Configured in WEB-INF/web.xml

Severity: Medium
Summary#

Invicti detected that the web application displays detailed error messages that disclose the server version and detailed stack trace information.


It's recommended to modify the configuration file WEB-INF/web.xml to display custom error pages, preventing the information leakage.

Impact#

The detailed error messages contain potentially sensitive information that might help an attacker to conduct further attacks.

Actions To Take#

Using the following configuration an error page will be displayed whenever the application responds with an HTTP 500 error. You can add additional entries for other HTTP status codes as well:


<error-page>
  <error-code>500</error-code>
  <location>/path/to/error.jsp</location>
</error-page>
Classifications#
, , ,

Select Category

OR

Search Vulnerability

Related Vulnerabilities

Related Articles

Build your resistance to threats. And save hundreds of hours each month.

Get a demo See how it works