CUI

Documentation - V-222600

V-222600

Application Security and Development Security Technical Implementation Guide

CAT II

Title

The application must not disclose unnecessary information to users.

Description

Applications should not disclose information not required for the transaction (e.g., a web application should not divulge the fact that there is a SQL server database and/or its version). These events usually occur when the web application has not been configured to send specific error messages for error events. Instead, when a processing anomaly occurs, the application displays technical information about the type of application server, database in use, or other technical details. ...

Fix Text (Documentation Requirement)

Configure the application to not display technical details about the application architecture on error events.
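
One way to apply this fix in a Python WSGI application, shown as an added example that is not part of the STIG text: unhandled errors are logged server-side under an incident id while the user receives only a generic message, and headers that advertise the platform are stripped. The names `GenericErrorMiddleware`, `leaky_app` and `run_request`, the header list, and the sample error string are assumptions constructed for illustration.

```python
import logging
import uuid

log = logging.getLogger("app.errors")
# Assumed list of response headers that advertise server or framework details.
REVEALING_HEADERS = {"server", "x-powered-by", "x-aspnet-version"}

class GenericErrorMiddleware:
    """Hypothetical WSGI wrapper: details go to the server log, not the user."""
    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        state, chunks = {}, []
        def capture(status, headers, exc_info=None):
            # Defer the real start_response until the whole body was produced.
            state["status"], state["headers"] = status, headers
            return chunks.append  # legacy write() callable
        try:
            result = self.app(environ, capture)
            try:
                chunks.extend(result)
            finally:
                if hasattr(result, "close"):
                    result.close()
            headers = [(k, v) for k, v in state["headers"]
                       if k.lower() not in REVEALING_HEADERS]
        except Exception:
            incident = uuid.uuid4().hex
            # Full traceback stays server-side, keyed by the incident id.
            log.exception("incident=%s path=%r", incident, environ.get("PATH_INFO"))
            body = f"An error occurred. Reference: {incident}\n".encode()
            start_response("500 Internal Server Error",
                           [("Content-Type", "text/plain; charset=utf-8")])
            return [body]
        start_response(state["status"], headers)
        return chunks

def leaky_app(environ, start_response):  # constructed sample application
    if environ["PATH_INFO"] == "/fail":
        raise RuntimeError("SQL Server at db01:1433: invalid column 'pwd'")
    start_response("200 OK", [("Content-Type", "text/plain"),
                              ("X-Powered-By", "ExampleFramework/1.2")])
    return [b"ok"]

def run_request(app, path):  # drives one request; returns (status, headers, body)
    seen = {}
    def start_response(status, headers, exc_info=None):
        seen["status"], seen["headers"] = status, dict(headers)
    body = b"".join(app({"PATH_INFO": path, "REQUEST_METHOD": "GET"}, start_response))
    return seen["status"], seen["headers"], body
```

Calling `run_request(GenericErrorMiddleware(leaky_app), "/fail")` returns a 500 whose body carries only the incident reference; the database detail appears only in the `app.errors` log.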
