
Detailed Error Messages Revealed


Article ID: 243029


Updated On:

Products

CA Identity Suite

Issue/Introduction

Affected URL: https://apps-ot.isvcs.net/iam/im/IDM-ENV-IAM-T/ui7/index.jsp

The application displays detailed error messages when unhandled Java exceptions occur. Detailed technical error messages can allow an adversary to gain information about the application and database that could be used to conduct further attacks. The following expressions were matched in the HTTP response:

\.java:[0-9]+
\.lang\.([A-Za-z0-9_]+)Exception

We could discuss details later.
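To see exactly what the two expressions above match in a saved HTTP response body, and to re-check a page after its error handling changes, the following added example (not part of the original article or the product) applies them line by line. The sample bodies, package names and function names are constructed for illustration.

```python
import re

# The two expressions quoted in the finding, compiled as written.
PATTERNS = {
    "java_source_line": re.compile(r"\.java:[0-9]+"),
    "java_lang_exception": re.compile(r"\.lang\.([A-Za-z0-9_]+)Exception"),
}

# Constructed sample response bodies (not captured from the affected URL).
LEAKY_BODY = """<html><body><h1>Error 500</h1>
<pre>java.lang.NullPointerException
    at com.example.ui.TaskServlet.doGet(TaskServlet.java:118)
    at com.example.ui.FrontFilter.doFilter(FrontFilter.java:42)
</pre></body></html>"""
GENERIC_BODY = "<html><body><h1>An error occurred.</h1><p>Reference: 7f3a</p></body></html>"


def scan_body(body):
    """Return (pattern_name, line_number, matched_text) for every hit in the body."""
    findings = []
    for line_no, line in enumerate(body.splitlines(), start=1):
        for name, pattern in PATTERNS.items():
            for match in pattern.finditer(line):
                findings.append((name, line_no, match.group(0)))
    return findings


def summarize(findings):
    """Reduce raw hits to what a reviewer triages: exception types and frame count."""
    exception_types = sorted(
        {text.split(".")[-1] for name, _, text in findings
         if name == "java_lang_exception"}
    )
    frames = sum(1 for name, _, _ in findings if name == "java_source_line")
    return {
        "flagged": bool(findings),
        "exception_types": exception_types,
        "stack_frames": frames,
    }


if __name__ == "__main__":
    for label, body in (("leaky", LEAKY_BODY), ("generic", GENERIC_BODY)):
        hits = scan_body(body)
        print(label, summarize(hits))
        for name, line_no, text in hits:
            print(f"  line {line_no}: {name} matched {text!r}")
```

Both expressions match only exception class names and source line references, so a hit shows that a stack trace reached the client; whether anything more sensitive is present has to be read from the response body itself.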

Environment

Release : 14.3

Component : IdentityMinder(Identity Manager)

Resolution

I reviewed the document and at this time there is no actual exposure of database information / leaked information. The client is going to gather more information on their end that explains how a malicious attacker can obtain this information and provide a CVE.