You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If a file named 500.tmplt does not exist, AWS.Server.Default_Unexpected_Exception_Handler will send the traceback from Ada.Exceptions.Exception_Information to clients, leaking information about memory offsets and program information that may be useful to an attacker trying to build an exploit.
See CWE-209 for more information about this class of vulnerability.
I believe this is unsafe default behavior and Default_Unexpected_Exception_Handler should be modified to only send Exception_Information to Log and/or Standard_Error and return a generic 500 Internal Server Error to clients.
The text was updated successfully, but these errors were encountered:
If a file named
500.tmpltdoes not exist,AWS.Server.Default_Unexpected_Exception_Handlerwill send the traceback fromAda.Exceptions.Exception_Informationto clients, leaking information about memory offsets and program information that may be useful to an attacker trying to build an exploit.See CWE-209 for more information about this class of vulnerability.
I believe this is unsafe default behavior and
Default_Unexpected_Exception_Handlershould be modified to only sendException_InformationtoLogand/orStandard_Errorand return a generic 500 Internal Server Error to clients.The text was updated successfully, but these errors were encountered: