Forum Discussion
Michael_Koyfma1
Nov 09, 2015 Cirrus
It allows for information leakage. For example, many Java stacks will disclose where exactly the error happened when a 500 is generated, etc. ASM's goal is to prevent as much information disclosure about the backend as possible. Additionally, exposing that a particular request generates a 500 error may give an attacker an idea about a certain attack vector as well.
- AskingQuestion_ Nov 09, 2015 Nimbostratus
  Thank you for the prompt answer. Does this make 500 a vulnerability by any means? What is the risk level (low, medium, high, critical)? Thanks.