cloudfoundry/stratos

Integer Overflow

sureshhcl opened this issue · 1 comment

Stratos Version

4.4.0

Frontend Deployment type

  • Cloud Foundry Application (cf push)
  • Kubernetes, using a helm chart
  • Docker, single container deploying all components
  • npm run start
  • Other (please specify below)

Backend (Jet Stream) Deployment type

  • Cloud Foundry Application (cf push)
  • Kubernetes, using a helm chart
  • Docker, single container deploying all components
  • Other (please specify below)

Expected behaviour

AppScan DAST scan shouldn't expose sensitive information.

Actual behaviour

AppScan DAST scan exposes sensitive information.

Steps to reproduce the behavior

An AppScan DAST scan was run against the Stratos URL https://ui.169.53.186.50.nip.io. The application responded with an error message, indicating an undefined state that may expose sensitive information.

Log output covering before error and any error statements

Access-Control-Allow-Origin: 
Vary: Origin
Content-Length: 192
X-Frame-Options: SAMEORIGIN
Cache-Control: no-store
Strict-Transport-Security: max-age=15724800; includeSubDomains
Date: Wed, 10 Mar 2021 14:47:50 GMT
Content-Type: text/plain; charset=utf-8
{"t73XFqlpQugy2ywCJMheffz2HZU":{"error":{"statusCode":500,"status":"500 Internal Server Error"},"errorResponse":{"description":"Database error","error_code":"CF-DatabaseError","code":10011}}}

Detailed Description

Verify that parameter values are in their expected ranges and types. Do not output debugging error messages and exceptions.

Context

Possible Implementation

Where is the integer overflow? Where is the sensitive information? Please be careful when creating issues using automated tools: first read what they produce and then apply some context.
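The body captured under "Log output" is the only evidence on this page, so the useful editorial check is to decode it and see exactly what it carries. The following Go program is an added example written for this page, not code from the Stratos project or from the reporter. It decodes the captured body into the per-endpoint envelope shape visible in the log (the struct names are ours; the field names are taken verbatim from the body; treating the top-level map key as a Stratos endpoint GUID is an assumption), lists any errorResponse keys beyond the standard Cloud Foundry v2 error triple of description, error_code and code, and also shows what the scanner's "do not output debugging error messages" recommendation would amount to if one chose to apply it at the proxy: a Scrub that keeps the per-endpoint status but replaces the upstream error object with a fixed generic one. On the captured body Triage finds no extra keys, i.e. the response contains nothing beyond what the CF API returns to any authenticated caller.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// capturedBody is a constructed copy of the response body shown in the issue
// (the single JSON line under "Log output").
const capturedBody = `{"t73XFqlpQugy2ywCJMheffz2HZU":{"error":{"statusCode":500,"status":"500 Internal Server Error"},"errorResponse":{"description":"Database error","error_code":"CF-DatabaseError","code":10011}}}`

// proxyError mirrors the per-endpoint error entry visible in the captured body.
// Field names come from the body itself; the Go type names are ours.
type proxyError struct {
	Error struct {
		StatusCode int    `json:"statusCode"`
		Status     string `json:"status"`
	} `json:"error"`
	// ErrorResponse is kept raw so every key the upstream sent can be listed.
	ErrorResponse map[string]json.RawMessage `json:"errorResponse"`
}

// cfErrorKeys are the three fields of a Cloud Foundry API v2 error object.
var cfErrorKeys = map[string]bool{"description": true, "error_code": true, "code": true}

// Finding summarises one endpoint entry of the envelope.
type Finding struct {
	Endpoint   string   // map key in the envelope (assumed to be the Stratos endpoint GUID)
	StatusCode int      // HTTP status the proxy reported for that endpoint
	CFCode     string   // upstream error_code, if present
	ExtraKeys  []string // errorResponse keys beyond the standard CF triple
}

// Triage decodes an envelope and reports, per endpoint, which errorResponse keys
// fall outside the documented CF error shape. An empty ExtraKeys means the body
// carries nothing beyond what the CF API itself returns to any caller.
func Triage(body []byte) ([]Finding, error) {
	var envelope map[string]proxyError
	if err := json.Unmarshal(body, &envelope); err != nil {
		return nil, err
	}
	findings := make([]Finding, 0, len(envelope))
	for endpoint, entry := range envelope {
		f := Finding{Endpoint: endpoint, StatusCode: entry.Error.StatusCode}
		if raw, ok := entry.ErrorResponse["error_code"]; ok {
			_ = json.Unmarshal(raw, &f.CFCode) // a non-string value simply leaves CFCode empty
		}
		for key := range entry.ErrorResponse {
			if !cfErrorKeys[key] {
				f.ExtraKeys = append(f.ExtraKeys, key)
			}
		}
		sort.Strings(f.ExtraKeys)
		findings = append(findings, f)
	}
	sort.Slice(findings, func(i, j int) bool { return findings[i].Endpoint < findings[j].Endpoint })
	return findings, nil
}

// Scrub is the response-side change the scanner's advice amounts to: keep the
// per-endpoint status but replace every upstream errorResponse with a fixed,
// generic object. The original body should be logged server-side before scrubbing.
func Scrub(body []byte) ([]byte, error) {
	var envelope map[string]map[string]json.RawMessage
	if err := json.Unmarshal(body, &envelope); err != nil {
		return nil, err
	}
	generic := json.RawMessage(`{"description":"Upstream request failed"}`)
	for _, entry := range envelope {
		if _, ok := entry["errorResponse"]; ok {
			entry["errorResponse"] = generic
		}
	}
	return json.Marshal(envelope)
}

func main() {
	findings, err := Triage([]byte(capturedBody))
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Printf("endpoint=%s status=%d cf_error=%s extra_keys=%v\n", f.Endpoint, f.StatusCode, f.CFCode, f.ExtraKeys)
	}
	scrubbed, err := Scrub([]byte(capturedBody))
	if err != nil {
		panic(err)
	}
	fmt.Println(string(scrubbed))
}
```

Triage is the check to run before filing a scanner finding as a leak: it separates "the proxy passed through an upstream error" (expected, and the error_code is what a client needs to handle it) from "the proxy passed through something else" (stack traces, query text, hostnames), which would show up as extra keys. Scrub trades that diagnostic value for a uniform body, so it only makes sense if the original error is kept in server logs.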