Tag Archives: Missing Custom Error Page

CWE-756 – Missing Custom Error Page

Read Time:20 Second

Description

The software does not return custom error pages to the user, possibly exposing sensitive information.

Modes of Introduction:

Likelihood of Exploit:

 

Related Weaknesses

CWE-755
CWE-209

 

Consequences

Confidentiality: Read Application Data

Attackers can leverage the additional information provided by a default error page to mount attacks targeted on the framework, database, or other resources used by the application.

 

Potential Mitigations

CVE References