Summary #

While analyzing an HTTP response, Invicti identified a stack trace that was exposed by the Laravel framework due to a misconfiguration.

Impact #

An attacker can obtain information such as:

  • Function names
  • Filenames
  • Physical file paths of relevant files.
  • Function parameters

This information might help an attacker gain more information and potentially focus on the development of further attacks against the target system.

Remediation #
Change your config/app.php file to disable debug mode, which is responsible for the visible stack traces:
'debug' => (bool) env('APP_DEBUG', false)
Classifications #
PCI v3.1-6.5.5; PCI v3.2-6.5.5; CAPEC-214; CWE-248; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 , CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
Vulnerability Index

Vulnerability Index

You can search and find all vulnerabilities


Search Vulnerability


Dead accurate, fast & easy-to-use Web Application Security Scanner

Get a demo