Stack Trace Disclosure (Laravel)
Severity: Medium
Summary #
While analyzing an HTTP response, Invicti identified a stack trace that was exposed by the Laravel framework due to a misconfiguration.
Impact #
An attacker can obtain information such as:
- Function names
- Filenames
- Physical file paths of relevant files.
- Function parameters
This information might help an attacker gain more information and potentially focus on the development of further attacks against the target system.
Remediation #
Change your
config/app.php file to disable debug mode, which is responsible for the visible stack traces:
'debug' => (bool) env('APP_DEBUG', false)
Classifications #
PCI v3.1-6.5.5; PCI v3.2-6.5.5; CAPEC-214; CWE-248; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6
, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
Vulnerability Index
You can search and find all vulnerabilities
Select Category
OR
Search Vulnerability
