CWE-209 on ZAP /alerttags/cwe-209/ Recent content in CWE-209 on ZAP Hugo en-us .NET stack trace / YSOD /docs/alerts/200010-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200010-3/ <p>Detects common framework stack traces, error pages, and path disclosures in observed responses.</p> <p>Generated by OWASP PTK DAST Module</p> Full Path Disclosure /docs/alerts/110009/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/110009/ <p>The full path of files which might be sensitive has been exposed to the client.</p> Generic Padding Oracle /docs/alerts/90024/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90024/ <p>By manipulating the padding on an encrypted string, an attacker is able to generate an error message that indicates a likely &lsquo;padding oracle&rsquo; vulnerability. Such a vulnerability can affect any application or framework that uses encryption improperly, such as some versions of ASP.net, Java Server Faces, and Mono. An attacker may exploit this issue to decrypt data and recover encryption keys, potentially viewing and modifying confidential data. This rule should detect the MS10-070 padding oracle vulnerability in ASP.net if CustomErrors are enabled for that.</p> Information Disclosure - Java Stack Trace /docs/alerts/100035/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100035/ <p>A Java stack trace was found in the HTTP response body.</p> Information Disclosure - SQL Error /docs/alerts/100020/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100020/ <p>An SQL error was found in the HTTP response body.</p> Internal file path disclosure /docs/alerts/200010-6/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200010-6/ <p>Detects common framework stack traces, error pages, and path disclosures in observed responses.</p> <p>Generated by OWASP PTK DAST Module</p> Java stack trace /docs/alerts/200010-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200010-2/ <p>Detects common framework stack traces, error pages, and path disclosures in observed responses.</p> <p>Generated by OWASP PTK DAST Module</p> Node.js / Express stack trace /docs/alerts/200010-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200010-1/ <p>Detects common framework stack traces, error pages, and path disclosures in observed responses.</p> <p>Generated by OWASP PTK DAST Module</p> PHP fatal error / warning /docs/alerts/200010-5/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200010-5/ <p>Detects common framework stack traces, error pages, and path disclosures in observed responses.</p> <p>Generated by OWASP PTK DAST Module</p> Python traceback /docs/alerts/200010-4/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200010-4/ <p>Detects common framework stack traces, error pages, and path disclosures in observed responses.</p> <p>Generated by OWASP PTK DAST Module</p>