
    [bogus] Information Exposure Through an Error Message reported by Veracode

    The following issue was reported when a security audit was run over the source code of Smart GWT version 3.0.

    Information Exposure Through an Error Message
    The software generates an error message that includes sensitive information about its environment, users, or associated data.
    com/.../servlet/SourceViewer.java 208

    Can we have some resolution for this please?

    #2
    This appears to be a bogus report.

    In general, security scanning tools produce a lot of bogus reports, because among other things they will scan methods that are not accessible from end user UI as though they were publicly accessible (this includes developer tools, code for command-line use, test code, etc.).

    If you believe you've found a security vulnerability you should submit a test case showing how the code could be exploited.
