Question

4
Replies
979
Views
jafferSathick Member since 2010 23 posts
TCS
Posted: 3 years ago
Last activity: 3 years 4 months ago
Closed
Solved

Java Run time error while accessing : https://< HostName >/prweb/PRRestService

While accessing, following URL, Pega throws run time exception error as shown in the attachment.

https://<HostName>/prweb/PRRestService

My Security testing team says this is a vulnerability as exceptions are not handled properly and recommends - 'Use generic error pages and error handling logic to inform end users of potential problems. Do not provide system information or other data that could be used by an attacker when orchestrating an attack.'

For example, If I access the following URL, I get a proper error message : 'Request URI must contain service package, class, and method keys'

https://<HostName>/prweb/PRRestService/monitor

Can you check this out ?

***Updated by Moderator: Marissa to add tag SR Created, added SR details***

Data Integration Java and Activities Security SR Created
Moderation Team has archived post
Share this page LinkedIn